It’s been a rough couple of months for OpenSSL, the open-source SSL/TLS toolkit that runs the underlying encryption mechanisms for a large portion of the Internet. Back in April, the Heartbleed bug ravaged OpenSSL, which led to Heartbleed hysteria and widespread criticism of the small development team tasked with maintaining the vital protocol.
In the months since, the software industry came to OpenSSL’s rescue, and the project is finally beginning to right itself. With the help of the coalition of tech companies behind the Core Infrastructure Initiative, and aid from OpenBSD in the form of the forked LibReSSL encryption scheme, Open SSL has published a project road map laying out the project’s current issues, objectives and strategies going forward.
“The OpenSSL project is increasingly perceived as slow-moving and insular,” the document stated. “This road map will attempt to address this by setting out some objectives for improvement, along with defined timescales.”
The living document lays out a number of issues plaguing OpenSSL and translates them into primary plans of action. Each comes with an approximate timeframe as to when the issue will be resolved. The main issues and objectives are:
1. RT backlog: The log of open tickets in the OpenSSL bug tracking system (RT) has been backed up for years.
Objectives: Respond to tickets within four working days. (Timeframe: Now.)
Reduce existing RT backlog, including tickets raised before release of current versions. (Timeframe: Ongoing.)
2. Incomplete/incorrect documentation: Documentation of OpenSSL is patchy at best. Some areas are well documented, while many others suffer from incomplete or incorrect documentation.
Objective: Provide complete documentation for all public APIs, which may include introduction of a new documentation system. (Timeframe: Within one year.)