Exclusive: 'Robust' code checking helps protect OpenStack from Heartbleed-style security snafu, says OpenStack Foundation



Open source cloud OS OpenStack is at a reduced risk of a Heartbleed-style security incident due to its community's "robust system" for identifying errors in contributed code, according to the OpenStack Foundation.

The Heartbleed Bug is a serious flaw in the open source OpenSSL security protocol that allows attackers to expose the information of people visiting websites running on affected servers. It was created following a coding error by a German developer.

Speaking to TechRadar Pro at the OpenStack Summit in Paris, foundation executive director Jonathan Bryce said that the OpenStack testing system ran two million tests on code in the six-month release cycle leading up to the launch of Juno, the 10th and latest version of the platform.

He said: "Heartbleed was a very big vulnerability. The team that's responsible for OpenSSL has really smart guys, but they didn't have a huge support network around them, the type that allows you to dedicate the resources you need. On the other hand, OpenStack has a massive community and a dedicated security team, along with companies that spend millions of dollars to test and develop on it.

"From the foundation's perspective, we make sure that we help to put the frameworks and systems in place to keep those groups operating, functioning and sharing information."

Check point

According to Bryce, every piece of code contributed toward OpenStack goes through a set of automated tests before being reviewed by experienced developers called core reviewers who are elected by their OpenStack peers.

He continued: "Following automated tests, two core reviewers have to approve the contribution (or patch), which then re-enters a testing environment to check that nothing has changed in the time that it has been reviewed. If that all works then it finally enters the source tree.

"It's a very robust system and a really cool process that anybody can see happening online in real-time on our website if they want to."
