Entries with tag open source code.

Google Responds to Heartbleed Flaw with BoringSSL

Problems associated with the Heartbleed Internet-security vulnerability discovered earlier this year continue with hundreds of thousands of servers still operating with unpatched problems in the open-source OpenSSL cryptographic library. To address these concerns, Google announced it is developing BoringSSL, based on OpenSSL, which is an open source implementation of the Secure Sockets Layer and Transport Layer Security protocols. Researchers discovered a flaw in OpenSSL that attackers could exploit to access an application’s memory, including sensitive data and private encryption keys. Google is developing BoringSSL, rather than just patching OpenSSL, because it can no longer keep up with all the patches. “As Android, Chrome, and other products have started to need some subset of these patches, things have grown very complex,” said Google software engineer Adam Langley. “The effort involved in keeping all these patches straight across multiple code bases is getting to be too much.” The company is now importing changes from OpenSSL into BoringSSL. Google plans to contribute its BoringSSL code to the OpenSSL open-source project. The new SSL fork should appear in Google’s Chromium repository soon and in the Android OS after that. (eWeek)(PC World)(Naked Security)(BoringSSL)

Serious Web Encryption Vulnerability Affects Internet Users Worldwide

A newly discovered problem in a ubiquitous Web encryption technology leaves Internet users worldwide vulnerable to hacking and is being called one of the most serious security flaws uncovered in recent years. Researchers from Google and Codenomicon, a vendor of robustness testing tools, found Heartbleed, a vulnerability that has existed for at least two years in OpenSSL, an open-source implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols. An attacker could exploit the vulnerability, bypassing SSL and TLS encryption to access sensitive data, including passwords, that Internet users transmit. Security experts say network administrators should change their online passwords and must patch their Web and email servers to prevent these problems. Codenomicon CEO David Chartier said, “I don't think anyone that had been using [OpenSSL] is in a position to definitively say they weren't compromised.” (Reuters)(The Associated Press)

DARPA Goes Open Source

DARPA has placed some of its sponsored research data online and made it available to the public through its Open Catalog, which contains a list of the US Defense Department agency’s available software and peer-reviewed publications. The information has not traditionally been easy for interested researchers to find. DARPA created the site in response to this criticism; it currently includes links to peer-reviewed publications from DARPA’s XDATA open source software library for big data. The agency says it is making the information public to increase “the number of experts who can help quickly develop relevant software for the government” and eventually incorporate some of the software into their own products. Should the R&D community prove interested, DARPA said, it will release additional information from other programs including Broad Operational Language Translation (BOLT) and Visual Media Reasoning (VMR). The DARPA Open Catalog is at www.darpa.mil/OpenCatalog/index.html. (PC Mag)(WIRED)(The Verge)(DARPA)
 

GitHub Encourages Code Licensing

GitHub, an open source code repository, has launched a site that allows its developers to select a license for their work. The Choose a License site provides information about the features of each license type to users before they make a selection. They can also explicitly select a no license option with the cautionary “please note that opting out of open source licenses doesn't mean you’re opting out of copyright law.” The site also clearly states in several places that developers should have legal counsel before making a decision. Earlier this year, Aaron Williamson, senior staff counsel at the Software Freedom Law Center, investigated license-free software and whether young developers don’t want to deal with the complexities of open source licensing and governance. In his analysis of 28 percent (1,692,135) of GitHub’s code repositories, only 14.9 percent contained some form of license. (SlashDot)(InfoWorld)(ComputingNow NewsFeed – 18 June 2013)(GitHub)(Choose a License)
