OpenSSL To Undergo Security Audit, Gets Cash For 2 Developers 132
Trailrunner7 (1100399) writes "Scarcely a month after announcing the formation of a group designed to help fund open source projects, the Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit Project. The CII is backed by a who's who of tech companies, including Google, Microsoft, IBM, the Linux Foundation, Facebook and Amazon, and the group added a number of new members this week, as well. Adobe, Bloomberg, HP Huawei and Salesforce.com have joined the CII and will provide financial backing. Now, the OCAP team, which includes Johns Hopkins professor and cryptographer Matthew Green, will have the money to fund an audit of OpenSSL, as well. OpenSSL took a major hit earlier this year with the revelation of the Heartbleed vulnerability, which sent the Internet into a panic, as the software runs on more than 60 percent of SSL-protected sites."
Re:OpenSSL and what else. (Score:5, Informative)
The issue that I find, is that OpenSSL is the only Open Source Player out there.
But It is not the only SSL/TLS game in town. There is also GnuTLS and Network Security Services (NSS).
Re:OpenSSL and what else. (Score:5, Informative)
There are alternatives, although I can't comment on how they compare with OpenSSL.
GnuTLS [gnutls.org] (LGPLv2.1)
Mozilla Network Security Services [mozilla.org] (Mozilla Public License)
PolarSSL [polarssl.org] (GPL2 and proprietary).
MatrixSSL (GPL and proprietary [matrixssl.org]
Re:Namecoin in client-server mode (Score:3, Informative)
Already now I have the trusted third party option. Moxie has started a service offering this: http://convergence.io/ [convergence.io]