HeartBLEED OpenSSL?

Hey Logan,

 

What's going on with OpenSSL? I've been paying some attention to it, and I understand what it basically is - it's an open standard for encryption, and the bug allows people who take advantage of it to see what you're doing.

 

My question, basically, is: why are only two people in charge of updating OpenSSL (http://mobile.theverge.com/2014/4/27/5658368/two-men-are-tasked-with-taking-care-of-openssl)? I thought, with open standards, that the entire community updates and helps to maintain it?

Finally, because it's very complex - you have to be protected on your end, the end of the web site and your router -- what's the best way to stay protected?

 

Thanks!

 

Basically those two guys are in charge of making final decisions. They don't actually have to do all the work. They screen patches before committing them to the source tree. You can't let just anybody have commit access. The article linked to by that summary has some pretty good details, if you didn't read it already.