alpha-omega icon indicating copy to clipboard operation
alpha-omega copied to clipboard
verified publisher icon ossf

GRANT RECIPIENTS: Unclear description for OpenSSL

Open Chealer opened this issue 1 year ago • 0 comments

The entry for OpenSSL in the Alpha grant recipients for 2023 reads:

OpenSSL is a globally distributed cryptography library touching nearly every industry in the world.

In 2023 OpenSSL was granted $127,000 for the purpose of assessments that will be performed by teams of Trail of Bits security consultants for a total of eight engineer-weeks of effort. The secure code review, including fuzzing enhancements, will be performed over a four calendar-week period, for a total of eight engineer-weeks.

This is largely unclear. In particular, please clarify:

  1. What does "globally distributed" mean?
  2. What type of dollars does "$" designate?
  3. What will the scope be? Is it a review (assessments), or does it actually include enhancements?

Chealer avatar Apr 02 '24 04:04 Chealer