An accident waiting to happen: Why OpenSSL had to be forked

Video of a talk by Bob Beck at BSDCan 2014 a few weeks ago. Not just a deep dive into the technical details of the security news story of the decade, but an education in software development best practices (most of which appear to have been violated by the OpenSSL project).

Bob is a member of the OpenBSD Foundation board and lead developer for LibreSSL, the new fork of OpenSSL.

Why did “we” let OpenSSL happen? Nobody looked. Or nobody admitted that they looked. We all did it. The code was too horrible to look at. This isn’t just an OpenSSL thing, or just an open source thing. It’s not unique in software development, it’s just the high profile one of the moment.

LibreSSL at BSDCan by Michael W Lucas (17 May 2014).

This entry was posted in Development, Security, Systems Analysis.

About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).