by iUsedToCode 3533 days ago
How come the biggest names in IT don't work towards creating a modern, better security library?

It's pennies for them, they wouldn't even see it on the balance. Having security issues slows down business significantly. Non-geeks keep hearing about major bugs in basic security and it surely has a negative effect on the spread of internet and services based on it.

5 comments

There is LibreSSL[0] which is a fork of OpenSSL done primarily by the OpenBSD team (it was created as a direct response to Heartbleed).

BoringSSL[1] is Google's attempt.

[0] https://www.libressl.org/

[1] https://boringssl.googlesource.com/boringssl/

LibreSSL is OpenSSL with some of the ugly bits stripped out. It's still aiming for compatibility, and so it retains many of the warts and will continue to do so. It's not a modern library though it may be a bit better than OpenSSL.

BoringSSL is similar, except there you additionally have the problem that Google strongly discourages its use by third parties, as they consider it an internal library and semantics can change.

A better example of a modern library would be NaCl or libsodium.

That's not accurate - the LibreSSL developers have overhauled the internals fairly substantially in a lot of ways, and they are also making a sensible API on top of it (libtls).

> it was created as a direct response to Heartbleed

The reason for the fork was not Heartbleed itself but the crazy memory allocation done behind the scenes.

https://youtu.be/GnBbhXBDmwU?t=308

I haven't paid much attention to LibreSSL since the project started but I recently downloaded the source code for OpenSSH and was very impressed with how clean and readable the code for ssh-keygen is. After seeing that, I'd have more confidence in the OpenBSD team; they already have a great reputation for security but looking at their actual output impressed me more. (Maybe, some day I'll explore free Unix-like operating systems other than GNU/Linux.)

There are. They just ask for significant licensing fees to cover the work they did. Licensing fees most users of cryptography have no interest in paying. ;) Others are dual-licensed with little uptake.

An early example was Gutmann's cryptlib which is dual-licensed:

https://en.wikipedia.org/wiki/Cryptlib

Note: An interesting feature of it is that it embeds a security kernel that tries to ensure the algorithms are composed correctly.

Another dual-licensed one that seemed to at least have better code quality was PolarSSL, used in Fox-IT's OpenVPN-NL project and partially verified by TrustInSoft's analyzer:

https://tls.mbed.org/features

MatrixSSL is another one aiming at small, efficient execution:

https://www.insidesecure.com/Products-Technologies/Protocol-...

Save the best for last in Amazon's s2n. It has much potential coming from the combo of simplicity, design-for-verification, and actual reviews by pentesters:

https://github.com/awslabs/s2n

Note: There's also quite a few designed for robustness in the smartcard industry. The EAL5+ one from IBM's Caernarvon team is likely to be high quality. The thing is we can't review them but we can review the above code. So better to go with the above. Also recall this list is of commercial replacements for SSL in addition to others' recommendations on LibreSSL, BoringSSL, etc.

It's 5-10 person-years of work, depending on where you draw the finish line, "just" to do something like BoringSSL. miTLS is at least five times that, and even there I'm assuming you start with people like Bhargavan and Fournet---both world class, people who've spent decades getting to the point where they can do this with 25 person-years.

That shows up on the balance sheet of the security-infrastructure team even of Microsoft or Google.

It's a coordination problem. If one company started trying to do it, they'd end up having to fund development while everyone else free-rode. And fundamentally there simply isn't that much money lost to security issues yet.

I would think they don't want to do it because they don't want to support it. Even though they are capable of creating it, they are then responsible for keeping it updated.