OpenSSL – OSTIF Goals

OpenSSL is an open-source library for encryption. It is widely used for secure HTTPS web sites and is utilized in thousands of applications.

OSTIF Goals for OpenSSL:

Primary goals:

-Establish a bug bounty to encourage close scrutiny by the worldwide security community.
-A full security audit of the version 1.1.1 code by a reputable group. This version was selected because it contains crucial changes to the code base that introduce TLS 1.3 to OpenSSL.

Secondary goals:

-Research and implement fixes for any vulnerabilities found through auditing of OpenSSL that remain unpatched.
-Research and implement new features in OpenSSL, such as new cipher suites and hash algorithms.
-Research and implement new features in OpenSSL to improve usability.
-Investigate entropy sources for flaws.
-Deprecate unsafe cryptography (SSLv2, SSLv3, short key lengths, bad entropy sources like Dual_EC_DRBG) so that it can no longer be used in OpenSSL.