top | item 7567684

(no title)

sgarlatm | 12 years ago

It may actually be a good thing if Chrome migrates to OpenSSL. With their resources, perhaps they can do some testing to see if there are any more vulnerabilities out there. At the very least, their continued eye on the project should help it be more secure going forward.

discuss

wigginus|12 years ago

Actually I think the Heartbleed vulnerability was most probably found because of this migration, as it was found by Neel Mehta of Google (and the Codenomicon guys). The date of this draft is 2014-01-26, so it makes sense, that the OpenSSL code is evaluated by the security team before the migration.

rdudek|12 years ago

Considering how widely it's used, if Google could use some of their resources to better it, I'm all for it!

Shish2k|12 years ago

Considering how widely SSL is used, and the resources of Google, I wonder if they could come up with their own encryption toolkit? How hard can it be for a company the size of Google to create a library that lives up to eg SQLite's quality standards?

crashandburn4|12 years ago

Those were my thoughts exactly, I think OpenSSL just needs a bit of care and refactoring (possibly a lot depending on which blogs you read) for which they need devs and resources, both of which google has.

thirsteh|12 years ago

The problem with OpenSSL is that it's really problematic to simply fix and refactor stuff given their FIPS certification.