After Heartbleed, OpenSSL Is Forked Into LibreSSL
NEWS ANALYSIS: In open-source, when things go wrong, forks happen. The forking of OpenSSL is a direct response to the Heartbleed vulnerability.The OpenSSL project has come under intense scrutiny in recent weeks due to the Heartbleed vulnerability. While the OpenSSL Foundation has publicly asked for more money to help fuel development, a new option to push OpenSSL forward is now getting started. In the open-source development model, when disputes happen and one group wants to take a project in a different direction, forks happen and that's what is now occurring with OpenSSL. The open-source OpenBSD operating system community has now officially forked the OpenSSL code and is building its own version of an open-source cryptographic library called LibreSSL. The forking of OpenSSL is a direct response to the Heartbleed vulnerability, which was first publicly disclosed April 7. OpenSSL is an open-source cryptographic library used to provide Secure Sockets Layer (SSL) services to Websites and embedded technologies. The Heartbleed flaw could enable an attacker to read data from a server that is vulnerable. It's an attack that has been used against the Canada Revenue Agency, as well as a client of security vendor FireEye.
When the Heartbleed news first broke, I contacted OpenBSD founder Theo de Raadt, who is always a great source for colorful commentary. OpenBSD is an open-source operating system that makes use of OpenSSL and also leads multiple important open-source efforts, including OpenSSH. I was curious about the disclosure process around the Heartbleed flaw, which left hundreds of millions of end users at risk, though somehow a few services, including Google and CloudFlare, did receive advance notice.