20140530 an accident waiting to happen why openssl had to be forked - plembo/onemoretech GitHub Wiki

title: An accident waiting to happen: Why OpenSSL had to be forked
link: https://onemoretech.wordpress.com/2014/05/30/an-accident-waiting-to-happen-why-openssl-had-to-be-forked/
author: phil2nc
description:
post_id: 7771
created: 2014/05/30 22:09:38
created_gmt: 2014/05/31 02:09:38
comment_status: closed
post_name: an-accident-waiting-to-happen-why-openssl-had-to-be-forked
status: publish
post_type: post

An accident waiting to happen: Why OpenSSL had to be forked

Video of a talk by Bob Beck at BSDCan 2014 a few weeks ago. Not just a deep dive into the technical details of the security news story of the decade, but an education in software development best practices (most of which appear to have been violated by the OpenSSL project). Bob is a member of the OpenBSD Foundation board and lead developer for LibreSSL, the new fork of OpenSSL.

Video: https://www.youtube.com/watch?v=GnBbhXBDmwU

Why did “we” let OpenSSL happen? Nobody looked. Or nobody admitted that they looked. We all did it. The code was too horrible to look at. This isn’t just an OpenSSL thing, or just an open source thing. It’s not unique in software development, it’s just the high profile one of the moment.

LibreSSL at BSDCan by Michael W Lucas (17 May 2014).

Copyright 2004-2019 Phil Lembo