Who pays free crypto developers?
Crypto or Bust

Although open source crypto software is used virtually all over the world, the projects behind it are often small and chronically underfunded. Heartbleed, however, brings a possibility of improvement.
Community Notebook
Open source software has the advantage that anyone can inspect the code and thus discover bugs. Despite this, a glaring security hole went unnoticed in OpenSSL [1] for more than two years, eventually going down in history as the Heartbleed bug [2]. Seemingly – although the OpenSSL source code is freely available – no one actually noticed the problem because hardly anyone had been looking.
Of course, a bug like this would not attract so much attention if the OpenSSL user base were not so huge. Millions of private users and countless companies rely on this cryptography software. Although it is designed to protect the security of multimillion-dollar projects, its development rests in the hands of a small group of programmers. As in the case of GnuPG [3], sometimes only one person maintains the extensive codebase.
[...]