A new Google program OSS-Fuzz is aimed at continuously fuzzing open source software and has already detected over 150 bugs.
A new CII Best Practices Badge program will help companies, interested in adopting open source technologies evaluate projects based on security, quality and stability.
The Core Infrastructure Initiative, which has funded OpenSSL among other open source security projects, announced a badge program that evaluates secure development best practices.
The Linux Foundation’s Core Infrastructure Initiative announced it was releasing to open source data from the Census Project, which uses metrics identify under-resourced open source projects at risk.
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers and a crucial refactoring of the codebase has the project in the right direction.
NCC Group Cryptography Services announced it will shortly begin an audit of OpenSSL.