OpenBSD code audit uncovers bugs, but no evidence of backdoor

A happy update to the OpenBSD / FBI Backdoor story:

OpenBSD project leader Theo de Raadt disclosed an e-mail earlier this month in which former NETSEC CTO Gregory Perry claimed that his company was paid by the FBI to plant a “backdoor” in the OpenBSD IPSEC stack. The allegations led to a thorough code review and historical analysis of the relevant code.

In a follow-up e-mail published this week, de Raadt outlined his current perspective on the controversy and his interpretation of the findings that have emerged from the ongoing code audit. Reviews are being conducted on the history and provenance of code in the IPSEC stack as well as the current implementation. Reviewers have uncovered several bugs that could have security implications, but the nature of the bugs suggests that they were not intentional, nor were they intended to facilitate a backdoor.

via OpenBSD code audit uncovers bugs, but no evidence of backdoor.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s