FOR IMMEDIATE RELEASE: 2017-03-21
Today, the NTPsec Project announced the 0.9.7 release of NTPsec, with assistance from the Mozilla Foundation’s "Secure Open Source" initiative.
NTPsec is an implementation of the “Network Time Protocol” or “NTP”. NTP is how the internet keeps correct time, which is critically important for cybersecurity and for auditing, and is necessary for online finance, cloud computing, media streaming, data storage, email, calendaring, and for keeping the clock on your desktop set.
NTPsec 0.9.7 is offered to open source developers and to government, corporate, and academic IT labs for feedback and code contributions. The project uses modern open source community development practice, including Git distributed version control and permissive open source licensing. Development is driving to a production-ready 1.0 release, and beyond.
NTPsec 0.9.7 incorporates significant improvements in security, accuracy, precision, visualization, and usability, with assistance, contributions, and audits provided by infosec researchers and other technical contributors.
For this release, the NTPsec Project worked particularly closely with the Mozilla Foundation’s "Secure Open Source" initiative, who funded an infosec audit, and with Cure53.de, who provided the audit.
All installations of NTPsec should upgrade, because this release fixes a number of security issues and CVEs that were discovered by Cure53. More information about these issues can be found in the NEWS file in the NTPsec git repository at (https://gitlab.com/NTPsec/ntpsec/blob/master/NEWS), and at the release announcement at (https://blog.ntpsec.org/2017/03/21/version-0-9-7.html).
We also recommend that all users of the Network Time Foundation (NTF) implementation of NTP also upgrade, as the audit also discovered a number of security issues and CVEs in that codebase.