Project Lead: Susan Sons
- Randy Heiland
- Mark Krenz
- Gary Miller
- Eric Raymond
- Vineeta Sangaraju
- Amar Takhar
ISSI’s inaugural project is to bring NTP, the reference implementation of the Network Time Protocol, into line with modern development practices and patch some long-standing vulnerabilities to give the project a solid base from which to grow into the secure software it ought to be.
Network Time Protocol is critical for our modern shared computing world; its timestamps help prove equity firms make correct trades and allows information security professionals to correlate activity logged on different systems. It synchronizes the clocks for air traffic control, and companies across the world use it to precisely time automated factory operations, among many other vital responsibilities. Failure of NTP would cause large parts of the internet to just stop working.
We’ve migrated NTP from an antiquated, closed-source revision control system that limited access to the development history and moved the code base to git, where anyone can easily review both stable and development versions of the code dating back to 1999. Now that the development history has been liberated, staff from CACR/CTSC and ICEI are working to provide the project with added static analysis facilities, a robust test suite, and enough vulnerability patching to get the project a chance at a fresh start. We’ll also provide a road map to aid NTP community members in integrating these positive changes and building on them. Like all of ICEI’s work, our NTP patches will be developed in the open, and published under an appropriate open source license for anyone to review and use.
Work on NTP Rescue is being coordinated in #icei on irc.freenode.net.
This page will have information on news and developments as it becomes available.