Sign in to follow this  
Followers 0
BINREV SPYD3R

HPR - HPR1529: TrueCrypt, Heartbleed, and Lessons Learned

1 post in this topic

Two recent events have shed light on some fundamental issues in getting security in Open Source projects. One of them is a serious bug referred to as "Heartbleed", and the other is the first part of a security audit of the TrueCrypt encryption program. By looking at both of these together and doing a Lessons Learned we can draw some conclusions about what is needed to have security in Open Source projects.Links: http://www.digitaltrends.com/computing/how-did-the-heartbleed-openssl-bug-happen/#!FLdxR https://tools.ietf.org/html/rfc6520 https://www.novainfosec.com/2014/04/16/no-major-findings-in-truecrypt-audit/ http://arstechnica.com/information-technology/2014/04/tech-giants-chastened-by-heartbleed-finally-agree-to-fund-openssl/ http://podcasts.infoworld.com/d/open-source-software/heartbleed-postmortem-openssls-license-discouraged-scrutiny-241781?source=rss_security http://www.zwilnik.com/?page_id=588

Go to this episode

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0