The effort to protect against vulnerabilities like OpenSSL’s Heartbleed continues. Nokia Solutions and Networks (NSN) announced a substantial donation to help the OpenSSL project fight against future vulnerabilities similar to Heartbleed.
“We see protecting mobile broadband networks as a top priority and believe that best-in-class security can be achieved by combining the forces of market-leading experts,” said Hossein Moiin, executive vice president of technology and innovation at NSN.
The Heartbleed bug, which was publicized on April 7, raised some very serious questions about open-source software development. If a bug of that magnitude lived on the Web for two years without anyone noticing, what other bugs could be lurking in open-source software? The problem is that developers using open-source code assume that the millions of other eyes on the Web have already examined the code. Also, a lot of open-source projects are underfunded and understaffed, and don’t have the time or resources to constantly review and examine code.
The Heartbleed bug proved that a bug of this magnitude is possible, and there needs to be an easier way to prevent these types of vulnerabilities. Donations like NSN’s will help the OpenSSL Software Foundation safeguard against a Heartbleed recurrence.
NSN’s contribution will be made over two years and makes it OpenSSL’s first platinum sponsor. (A platinum sponsor is one that donates $50,000 a year or more.)
“This is by far our largest donation to date, highlighting NSN’s position as an industry leader in safeguarding security,” said Steve Marquess, cofounder and president of the OpenSSL Software Foundation.
NSN has also offered its Certificate Management Protocol (CMP) client implementation for integration into the OpenSSL library.
“CMP is a security cornerstone of modern LTE networks, and the client implementation provided by NSN is the only usable out-of-the-box example available under a free and open source license,” said the company.