OpenSSL After Heartbleed - Lessons Learned and Project Improvements

Explore the aftermath of the Heartbleed vulnerability in this insightful conference talk by OpenSSL team members Rich Salz and Tim Hudson. Delve into the significant changes implemented within the OpenSSL project following the discovery of a simple programming mistake that led to a "re-key the Internet" event. Learn about the expanded team, increased transparency, more rigorous development processes, and greatly enhanced vitality of the project. Gain valuable insights into system security, the nature of the Heartbleed bug, and its impact on the most widely-deployed TLS library in the world. Discover the steps taken to prevent similar issues in the future, including the involvement of the Core Infrastructure Initiative. Understand the project's roadmap, increased vitality, and future plans for OpenSSL. Benefit from the speakers' extensive experience in system security, cryptography, and open-source development as they share lessons learned and ways to contribute to the project.

Intro
Internet Date
Heartbleed
Cartoon
Transparency
How many catastrophic bugs do occur
The nature of the bug
What actually happened
The bug
Why would they close
Github stats
How did we let this happen
How to not break things
What happened
Before Heartbleed
The CII
Core Infrastructure
Defect Tracking System
Project Roadmap
Increased Vitality
Future Plans
Fitz Validation
Phipps Validation
Next Voyage
What have we learnt
How to contribute
Make them stand
Questions