Nobody needs to be reminded of the severity of the Heartbleed OpenSSL bug. Rather, people are looking for solutions: how to fix it now and how to prevent a similar event in the future. To that end, it's worth looking beyond OpenSSL and bearing in mind it's one of several competing software projects that satisfy many of the same needs.
First candidate: Mozilla's Network Security Services (NSS) library family, available under multiple license arrangements and with a fairly regular cycle of releases, the last debuting in mid-March 2014. Predictably, Mozilla's own applications -- Firefox, Mozilla Suite, Thunderbird -- all use it, but so do a slew of well-known third-party applications: AOL Instant Messenger and many third-party clients for the service; OpenOffice.org 2.0; and numerous Red Hat server products such as Red Hat Directory Server and mod_nss for the Apache httpd Web server.
Previous Topic
