Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

NSN to protect OpenSSL Project from Heartbleed-like vulnerabilities

Nurdianah Md Nur | April 29, 2014
The mobile broadband provider will donate over US$50,00 over a period of two years to help OpenSSL keep vulnerabilities at bay.

Mobile broadband provider Nokia Solutions and Networks (NSN) has pledged to donate a substantial amount to support the OpenSSL Project in its fight against future vulnerabilities similar to the Heartbleed bug.

Discovered on April 7, the Heartbleed bug was a flaw in OpenSSL that has lurked on the Internet for at least two years. As OpenSSL is a popular cryptographic software that is used by websites to secure data on the Internet, the Heartbleed bug enabled hackers to steal information from those sites.  

NSN's contribution will be made over two years and place it as OpenSSL's first platinum sponsor, according to a joint media release. According to the OpenSSL Software Foundation website, a platinum sponsor is one that donates a minimum of US$50,000 per year. 

"This is by far our largest donation to date, highlighting NSN's position as an industry leader in safeguarding security," said Steve Marquess, co-founder and president of the OpenSSL Software Foundation.

NSN's other security efforts
Besides donating to the OpenSSL Project, NSN plans to launch a Mobile Broadband Security Centre in Berlin to help improve the security of open source software, which is increasingly used in mobile broadband networks.  NSN will utilise the security facilities to help safeguard customers and the mobile network industry, as well as support further strengthening of the important cryptographic functionality.

Moreover, NSN is now implementing a centralised team to ensure that robust security is integrated in all its development and execution processes and throughout its wide Mobile Broadband portfolio.

Specific to the Heartbleed bug, NSN has assessed its own portfolio in depth for the vulnerability and is finalising plans to roll out the required updates for the small number of products where potential vulnerabilities were identified.


Sign up for Computerworld eNewsletters.