NIST announced it has removed the Dual EC DRBG random number generator from a draft guidance on RNGs; the move could become official next month after a public comment period expires.
After the dust had started to settle in the wake of the OpenSSL Heartbleed vulnerability earlier this month, one of the common sentiments that emerged was that the small group developing and maintaining the software needed some help. And money. And resources. But mostly money. Now, the OpenSSL Foundation, along with a number of other[...]
Developers who produce apps intended for use on internal networks at government agencies are getting a vetting process of their own called AppVet.
Google announced it will add additional security checks to log-in attempts from applications or devices that do not support OAuth 2.0.
LibreSSL, a fork of OpenSSL, has already made “improvements” in OpenSSL programming practices according to OpenBSD officials.