ZDNet

Google takes OpenSSL and turns it into BoringSSL

Google announced over the weekend that it had taken the OpenSSL codebase, and forked it to create a new project dubbed BoringSSL. In the past, Google had taken OpenSSL and rebased its custom patches ...
Threat Post

OpenSSL Patches Critical Certificate Validation Vulnerability

A high-severity bug in OpenSSL was disclosed today, and it affects only organizations that installed an update released in June, and allows anyone with an untrusted TLS certificate to become a CA.