Open Source has always been important throughout our ten year run at Opengear. Heck, it’s even part of our name. OpenSSL has been around even longer than us – since 1998 – and the cryptographic library has been something we’ve taken a keen interest in, as a user of the technology and as a financial supporter, for many of those years. Now, as “OpenSSL” has become visible outside the developer community due to last month’s HeartBleed vulnerability, we thought it time to reinforce why we strongly believe in what OpenSSL’s underappreciated contributors do for all of us.
The proverbial labor of love, the OpenSSL Software Foundation works on a project that is used by most commercial firms for next to nothing (or, in most cases, nothing).* Talented people contribute out of a passion for making the Internet a safer place for us. And they contribute with a core belief that Open Source software helps enrich our lives (in ways that most users benefiting from OpenSSL development will probably never know). Opengear has always seen the value in the tireless, often thankless work the Foundation has done and has made efforts to support it. We’re proud to list ourselves as one of the sponsors that help the OpenSSL Project move forward.
We’ve also helped OpenSSL move from the server and desktop PC to the much bigger world of embedded devices, sponsoring the first OpenSSL FIPS validation on non-Intel processors. The benefits of this collaboration have been widespread and now tons of embedded devices use FIPS-approved OpenSSL (including competitors ).
HeartBleed was not good, but open source software (just like commercial software) will have bugs – it’s a fact of life. OpenSSL will probably have other issues as it continues to mature, and that’s ok – we just want to make sure the OpenSSL Foundation continues on (and, ideally, gets the respect and funding it deserves). But, the good news: in the wake of the vulnerability, other companies are getting on board, and we think that’s great (and, really, about time).
*For more on the people behind OpenSSL, LinuxInsider’s Richard Adhikari has written this great piece.