LGPL

The two year old HeartBleed bug that was recently discovered in OpenSSL and that affects millions of internet users, reveals a similar problem that could have a serious impact on the way we look at open source software. Companies such as Cisco have built expensive applications on top of OpenSSL. Security consultants have been paid good money to guarantee that OpenSSL was safe. But the OpenSSL project itself was driven by a core of only four unpaid volunteers. The German engineer Robin Seggelmann is now taking the blame for the error. His code was verified by Dr. Stephen Henson who overlooked the bug. It would be unfair to blame these two individuals for the problems caused by Heartbleed. They made two mistakes. The second mistake was a minor error in their code. Although this error took huge proportions, they should be forgiven for that error. Their first mistake was their choice to make their code available under the Apache Software License. That mistake is more problematic.

Read More »