Please donate to a worthy crypto security cause

John W8MEJ Menerick · April 15, 2014

If you have ever used OpenSSL, please donate money to this worthy cause. Your donation will go towards security and cryptographic researchers who are financially (or egotistically) motivated to discover security-related defects in OpenSSL’s intellectual property. Trust me, OpenSSL needs it!!!!!!!! See the below picture for a simple, secure code review on OpenSSL’s latest release, 1.0.1g.

What we see is typical of an older, open source C / C++ based application. Overall, there are code quality issues in addition to common C / C++ software security defects. Fortunately, some of the bugs require unique situations to exist. Unfortunately, as we saw in HeartBleed, other defects are straight forward and easily exploitable.

Share on: