I've been a member of the Announcement Notifications mailing list for a while, but am a new member of the general discussion mailing list for pfSense.
Hi.

Can anyone tell me if pfSense (and/or BSD) has undergone

a) A public security audit (or audits) similar to the TrueCrypt audit, and/or
b) If work is provided to the pfSense project by teams similar to Linux Foundation's OpenSSL support ( http://www.linuxfoundation.org/news-media/announcements/2014/05/core-infrastructure-initiative-announces-new-backers )?

I don't doubt the security and authenticity of pfSense (and I personally love it, evangelize about it, use it, and deploy it into several of my clients' locations if they don't already have it).

I also realize that work provided to a specific project like OpenSSL is a different undertaking than something so large as the pfSense project (given 1 is simply a library, and another is a huge project that relies on several libraries and applications).

However, given the recent issues that have come to light about OpenSSL (Heartbleed, and now the most recent vulnerability with the CCS Injection - http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html ), as well as revelations about the NSA's roles in implementing and creating weaknesses in encryption and security software, I was curious if this has been discussed.

Thanks,
David

--
David White
Founder & CEO
*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting Nonprofit Organizations Worldwide
http://developcents.com
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
