Vulnerability Management

Cryptography Services launches security audit for OpenSSL

Share

The NCC Group's Cryptography Services has confirmed its plans to launch an audit of OpenSSL under the Linux Foundation's Core Infrastructure Initiative.

The audit, initially announced this past May, was detailed in a post.

“The audit's primary focus is on the TLS stacks, covering protocol flow, state transitions, and memory management,” Cryptography Services wrote. “We'll also be looking at the BIOs, most of the high-profile cryptographic algorithms, and setting up fuzzers for the ASN.1 and x509 parsers.”

The team should see preliminary results in early summer.

Cryptography Services held off on the audit until OpenSSL made the codebase stable enough for thorough testing, the largest effort to review it to date.

The Linux Foundation's initiative represents an “unprecedented drive towards improving security for open source software, and NCC Group is excited to be a part of it,” the group wrote.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.