SoylentNews

janrinok writes:

Google is releasing its own independently developed fork of OpenSSL [arstechnica.com], the widely used cryptography library that came to international attention following the Heartbleed vulnerability that threatened hundreds of thousands of websites with catastrophic attacks.

The unveiling of BoringSSL, as the Google fork has been dubbed, means there will be three separate versions of OpenSSL, which is best known for implementing the secure socket layer and transport layer security protocols on an estimated 500,000 websites. Developers of the OpenBSD operating system took the wraps off LibreSSL a few weeks after the surfacing of Heartbleed. Google is taking pains to ensure BoringSSL won't unnecessarily compete or interfere with either of those independent projects. Among other things, the company will continue to back the Core Infrastructure Initiative, which is providing $100,000 in funding for two full-time OpenSSL developers so the organization can refurbish its badly aging code base.

Why Google should choose to go this route has been discussed on HackerNews [ycombinator.com].

---

Original Submission