Google's new Project Wycheproof will let software engineers look for previously known flaws in their open source cryptographic libraries.
Google has released a set of tests that developers can use to check some open source cryptographic libraries for known security vulnerabilities.
The company has named the set of tests Project Wycheproof, after a mountain in Australia, which has the distinction of being the world's smallest registered mountain.
"The main motivation for the project is to have an achievable goal," Google security engineers Daniel Bleichenbacher and Thai Duong.
The engineers wrote that Project Wycheproof is designed to help developers catch subtle mistakes in open source cryptographic libraries that, if left unaddressed, can have catastrophic consequences. Such mistakes can be repeated too often and become prevalent wherever the encryption is implemented they noted.
Wycheproof help developers and researchers find critical issues like SQL injection errors and buffer overflows in some of the largest and most widely-used open source projects and components in the world.
Source@eWeek
