CyberSecurityBoard
Sponsor Register Login

OpenSSL Is Hiring

OpenSSL is hiring for a mid level engineer to join our team.
We are seeking a Software Engineer to join our team.
As a Software Engineer at OpenSSL, you will play a vital role in sustaining and evolving the core cryptography and network protocol functionality that enables secure communication across the internet.
Your day-to-day tasks will include analyzing and solving complex software problems, collaborating on the design and implementation of secure solutions, and writing and maintaining detailed technical documentation.
The OpenSSL Project develops and maintains the OpenSSL software - a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.
As an open-source endeavor, OpenSSL benefits from a global community of contributors who help to improve and secure the software.
While OpenSSL is not a large organization, its work forms a crucial part of the infrastructure that makes secure online communication possible.
Contribute to the development, maintenance, and enhancement of the OpenSSL toolkit.
Collaborate with the engineering team to design and implement secure software solutions using C. Review, debug, and resolve technical issues.
Stay up-to-date with standards, industry trends, emerging technologies, and potential impact on the OpenSSL toolkit.
Assist in ensuring that the software complies with OpenSSL project standards.
Maintain transparency in decision-making and project development.
Solid C programming experience and proven ability to write clean, efficient code.
Experience in multi-threaded programming and system-level programming.
Experience working in Linux/Unix development environments.
Experience working in distributed SCM tools, like GIT. Demonstrated ability to debug, troubleshoot, and resolve technical issues.
Understanding of secure software development principles.
Experience working in Windows and MacOS X environments.
Experience with using the OpenSSL library or other security libraries.
Experience working on open-source software projects.


This Cyber News was published on www.openssl.org. Publication date: Sun, 26 May 2024 19:13:08 +0000


Cyber News related to OpenSSL Is Hiring

Cybersecurity For Remote Hiring: How To Ensure Data Protection - Remote hiring is surging, reshaping how companies attract and onboard new talent. According to IBM's 2023 Cost of a Data Breach report, the global average data breach cost in 2023 was $4.45 million, a 15% increase over three years. The urgency for ...
10 months ago Forbes.com
CVE-2022-1434 - The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being ...
1 year ago
OpenSSL Is Hiring - OpenSSL is hiring for a mid level engineer to join our team. We are seeking a Software Engineer to join our team. As a Software Engineer at OpenSSL, you will play a vital role in sustaining and evolving the core cryptography and network protocol ...
5 months ago Openssl.org
CVE-2021-23841 - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while ...
11 months ago
CVE-2020-1971 - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they ...
2 years ago
OpenSSL 3.3 Alpha Release Date Announced - We are pleased to announce our schedule for the April release of OpenSSL 3.3. In accordance with our adoption of biannual time-based releases following the release of OpenSSL 3.2, this will be our first time-based release. An alpha of OpenSSL 3.3 ...
8 months ago Openssl.org
Adding OpenSSL Generated Certificates to Your Server: A Comprehensive Guide - Utilizing SSL/TLS certificates to encrypt data transferred between your server and clients is one of the fundamental components of server security. The process of adding OpenSSL-generated certificates to your server will be covered in detail in this ...
10 months ago Feeds.dzone.com
The 20 Most Popular TechRepublic Articles in 2023 - 20 Most Popular TechRepublic Articles in 2023 Here's a list of the 20 most popular articles published by TechRepublic in 2023. Read articles about ChatGPT, Google Bard, Windows 11 and more. This year, developments in generative AI dominated the tech ...
10 months ago Techrepublic.com
CVE-2019-1552 - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / ...
1 year ago
White House Revamps Cybersecurity Hiring Strategy - At a gathering in the Community College of Baltimore County, he shared a simple yet powerful message: the world of cybersecurity jobs needs to open its doors wider. To secure our nation's cyberspace, we need to make cyber jobs more available and ...
10 months ago Heimdalsecurity.com
CVE-2021-3712 - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the ...
1 year ago
CVE-2021-23840 - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value ...
11 months ago
CVE-2020-36164 - An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the ...
3 years ago
CVE-2023-2650 - Issue summary: Processing some specially crafted ASN.1 object identifiers or ...
9 months ago
CVE-2021-23839 - OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. ...
1 year ago
CVE-2021-3449 - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but ...
2 years ago
CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation ...
11 months ago
CVE-2006-4343 - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer ...
6 years ago
CVE-2020-36162 - An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows ...
3 years ago
CVE-2021-4160 - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered ...
2 years ago
CVE-2021-4044 - Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return ...
11 months ago
CVE-2021-3450 - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...
1 year ago
OpenSSL Providers Workshop: Authors Track - Please join us next week for part two of the workshop: Live OpenSSL Providers Workshop: Authors Track. As with the Users Track, we will be hosting two sessions of the Authors Track at different times to allow people from different time zones to be ...
11 months ago Openssl.org
CVE-2017-3737 - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to ...
5 years ago
CVE-2020-36168 - An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)