Secure Software Design and Development
The OpenSSL library is currently one of the most popular open source cryptography and SSL/TLS toolkits. Some experts have dubbed OpenSSL and similar libraries “the most dangerous code in the world.” [1]
In this module’s final assignment, I detailed some of the major design flaws that have resulted in vulnerabilities such as the Heartbleed bug, then key principles and best practices for designing a safe and secure replacement for OpenSSL. Finally, I proposed a testing and evaluation plan that includes static analysis, dynamic analysis, and automated verification and validation techniques to reduce or eliminate vulnerabilities.
[1] Georgiev, et al., “The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software,”
CCS’12, October 16–18, 2012, Raleigh, North Carolina, USA. (https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)