OpenSSL is a security library that millions of applications use and 70% of the top million websites rely on. It is used on web servers, in browsers in operating systems and apps around the world. This specific version of OpenSSL is extremely important because it upgrades to TLS verison 1.3, which is the first major revision to security standards for encryption in over 10 years. This means that large blocks of entirely new code have been created to support this new standard.
We need to verify that all of the changes to OpenSSL that are taking place to accommodate TLS 1.3 don't introduce new vulnerabilities. Here is some information on our OpenSSL 1.1.1 audit: https://ostif.org/the-openssl-1-1-1-audit-fundraising-has-begun/
The Open Source Technology Improvement Fund is a 501(c)3 charity that focuses on scientific security research for free software. We have a long track record of accomplishing great work on a budget, with thousands of hours of security review and a long list of bugs fixed. You can view our mission, our track record, and our plans for the future on our website.
You can also get news and information about OSTIF and the open source community by following us on Twitter at @ostifofficial .
