Document Actions

Google Forks Open Source OpenSSL Web Security Code

The VAR Guy - In the wake of Heartbleed, there may soon be as many variants of the open source OpenSSL software for encrypting Web traffic as there are Pokemon characters—or something like that. A few days ago, Google (GOOG) became the latest organization to announce its own OpenSSL spin, which it's calling BoringSSL.

Google developer Adam Langley announced BoringSSL—a name he described as "aspirational," presumably because Google hopes the new software will prove more drama-free than OpenSSL—in a blog post on June 20.

Google has made its own modifications to the OpenSSL code for some time for use in Chrome and other offerings, Langley said. But going forward, the company intends to fork OpenSSL entirely to create a separate solution, a change it hopes will simplify development on Google's end.

That said, Langley emphasized that Google is "not aiming to replace OpenSSL as an open source project," and will continue sharing code with the OpenSSL developers when it will help them fix bugs in their own software. Those code contributions will be available under an ISC license, a type of open source license that the GNU folks—who probably spend more time than anyone else worrying about keeping software Free—regard as essentially kosher.