Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 May 2014 03:20:29 +0000
From: mancha <mancha1@...o.com>
To: oss-security@...ts.openwall.com
Cc: info@...uxfoundation.org, admin@...ncryptoaudit.org
Subject: Linux Foundation OpenSSL audit

The Linux Foundation's Core Infratructure Initiative (CII), born during
the aftermath of Heartbleed, has announced five new corporate sponsors
as well as its immediate plans to support the NTP, OpenSSH, and OpenSSL
projects. [1]

I applaud both the Linux Foundation and all its corporate sponsors for
their inspiring leadership and vision.

In the case of OpenSSL, some of the funding will be channeled through
the Open Crypto Audit Project (OCAP) which is being charged with its
security audit.

OCAP can benefit greatly from reviewing OpenBSD's ongoing OpenSSL
audit/review process which was the genesis for LibreSSL. I am cc'ing
OCAP so they might comment on how the LibreSSL effort will factor into
their workplan.

Further, I am aware the OpenBSD Foundation has reached out to CII to
request LibreSSL funding support. Given OpenBSD's solid track record and
the leadership and initiative they've demonstrated through LibreSSL, I
would appreciate if CII (also cc'd) would comment on that outstanding
request.

Many thanks.

--mancha

[1] http://www.linuxfoundation.org/news-media/announcements/2014/05/core-infrastructure-initiative-announces-new-backers


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ