OpenBSD founder Theo de Raadt has announced plans to fix the code behind OpenSSL, the open source cryptography program affected by the Heartbleed vulnerability. However, rather than simply update the existing project, de Raadt has chosen to fork the code into a new project known as LibreSSL.
“Our group removed half of the OpenSSL source tree in a week. It was discarded leftovers,” explained de Raadt. “The Open Source model depends [on] people being able to read the code. It depends on clarity. That is not a clear code base, because their community does not appear to care about clarity. Obviously, when such cruft builds up, there is a cultural gap. I did not make this decision… in our larger development group, it made itself.” He added that OpenSSL included “thousands of lines of APIs that the OpenSSL group intended to deprecate 12 years or so ago.”
The LibreSSL project is calling on corporations that have used OpenSSL in the past to support the project with funds and coding help.