The Internet may be dominated by IT giants, but small-scale coders still hold a significant place online thanks to their specialized software products. One of the best examples is OpenSSL, which numerous IT establishments across the globe use to encrypt online communications.
According to the latest news, the project is about to release updates to its code that fix many security vulnerabilities, some of which are said to be of ‘high’ severity.
As its name suggests, OpenSSL provides Secure Sockets Layer encryption for websites and related networks so that important data cannot be read by untrusted sources. Notably, even IT giants like Google, Yahoo and Facebook, along with U.S. federal government networks, use this software to secure their important data.
Surprisingly, the OpenSSL organization has not revealed any details about the security vulnerabilities in its software and the fixes it is going to release on March 19, 2015. According to Steve Marquess, a founding partner at the OpenSSL Software Foundation, information will only be shared in advance with the major operating system vendors.
He added, “We’d like to let everyone know so they can be prepared and so forth, but we have been slowly driven to a pretty brutal policy of no [advance] disclosure. One of our main revenue sources is support contracts, and we don’t even give them advance notice.”
To prevent widespread attacks, further information about the vulnerabilities is being kept private until the patches are released. More details about the vulnerabilities are expected to be released along with the updates on Thursday.
Thus, at present, no further information is available about the mystery security vulnerabilities (CVE-2015-0209, CVE-2015-0285, CVE-2015-0288). Nevertheless, industry experts assume that one of them may be another POODLE or Heartbleed, two of the worst TLS/SSL flaws, which are still affecting a number of websites on the Internet.
The Heartbleed flaw was found in April last year in a previous version of OpenSSL. It allowed hackers to read sensitive contents of users’ encrypted data, such as credit card information, and to steal SSL keys from Internet servers or client software.
OpenSSL is now a highly important software project and holds the top spot in the Linux Foundation’s Core Infrastructure Initiative because of its extensive usage and lack of in-depth security review.
According to reports, major companies like Google, Facebook and Cisco are funding the Internet’s “Core Infrastructure Initiative,” a US$2 million-a-year project committed to supporting and auditing open-source projects.