{"id":9211,"date":"2019-11-30T08:24:26","date_gmt":"2019-11-30T16:24:26","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/blog\/?p=9211"},"modified":"2024-01-23T14:28:25","modified_gmt":"2024-01-23T19:28:25","slug":"computer-security-day","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/blog\/computer-security-day\/","title":{"rendered":"National Computer Security Day – How Volunteers Fixed The Worst Vulnerability On The Web"},"content":{"rendered":"\n
\"National<\/figure>\n\n\n\n

\nNovember 30th is Computer Security Day. It’s easy to take for granted how networks and technology have made life much easier. And it’s even easier to go by without even noticing how much of our daily lives on the Internet rely upon security protocols invented and maintained by people we’ve never heard of. We can’t thank these people if we don’t even know who they are.\n<\/p>\n\n

\n

<\/a>How OpenSSL Opened The Web For Business<\/h2>\n
\n

\nIt’s difficult to remember a time in which purchasing products online was little more than a pipe dream. Now, credit card transactions can be securely transmitted across the web without anyone’s data being compromised. A set of encryption tools developed in the late 1990s makes this possible. OpenSSL took the complicated task of encrypting data and made it easier for developers all over the world to adopt into their programs. And a small team of volunteers made it happen. Yes, volunteers<\/i>.\n<\/p>\n<\/div>\n<\/div>\n\n

\n

<\/a>People Do Free Development?<\/h2>\n
\n

\nIt’s hard to imagine large teams of developers all over the world contributing free labor to maintain some of the world’s most important software tools. In many cases, contributing code to these projects is considered a public service. Some of the developers are professionals who contribute in their free time, some are students honing their craft, and some are god-knows-what. \n<\/p>\n\n

\nIt’s fair to ask, what if there’s a bug in OpenSSL? What are the incentives for these unpaid volunteers to fix it? No need to wonder about that when you consider the history of the “worst vulnerability found\u2026since commercial traffic began to flow on the Internet.”1<\/a><\/sup>\n<\/p>\n<\/div>\n<\/div>\n\n

\n

<\/a>The Heartbleed Story<\/h2>\n
\n

\nDevelopment of OpenSSL continued in virtual obscurity. Outside of software engineering and national security circles, few people even knew what it was. But the project was soon to gain some national attention in the form of a bug nicknamed “heartbleed” discovered by an engineer at Google. Heartbleed, if exploited, could potentially allow hackers to gleen sensitive data (like credit card numbers and email addresses) being exchanged across the web.\n<\/p>\n\n

\nA U.S. Department of Defense security consultant named Stephen Marquess, who had also contributed code to the project, helped create the OpenSSL Foundation in order to generate funds to keep OpenSSL alive. Marquess made a public call for support for the team to prevent future bugs from escaping detection for as long as heartbleed did:\n<\/p>\n\n

\n

\n“These guys don’t work on OpenSSL for money. They don’t do it for fame (who outside of geek circles ever heard of OpenSSL until “heartbleed” hit the news?). They do it out of pride in craftsmanship and the responsibility for something they believe in.”\n<\/p>\n<\/blockquote>\n<\/div>\n<\/div>\n\n

\n

<\/a>How You Can Help Support Open Source Security Projects<\/h2>\n
\n

\nHeartbleed turned out to be a blessing in disguise. The discovery of the bug generated more monetary support for the OpenSSL project. But the future may hold new complications. The open source business model\u2014or lack thereof\u2014makes it difficult to guarantee funding for important projects. You can donate to the OpenSSL project<\/a> through their website, but there are many more software tools out there lacking the support to survive. \n<\/p>\n\n

\nIf you’re interested in supporting open source projects, here’s where you can start:\n<\/p>\n\n