The NTP Classic codebase had accumulated serious vulnerabilities. We’ve worked overtime to identify and plug the critical holes; more needs to be done on the lesser ones. Our goal is to reach the exceptionally low defect-per-thousand-hour rates of GPSD and RTEMS; we have the people and the skills to do it.
Antoine de Saint-Exupéry famously said "Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." This is our project motto. The more code we can throw away, the fewer potential vulnerabilities and complexity issues we will have. There are many opportunities here; see our removal plans, and holler if we’re removing something you need.
We’ve already made major gains in maintainability and code re-use by moving all our production scripting to Python. One of our goals is to move all code that isn’t realtime-critical out of C to improve maintainability and decrease vulnerability to overrun bugs and other classic C snafus.
The NTP Classic project slid into decline, developing serious vulnerabilities it was unable to effectively address, because it made choices that closed it off from the wider open-source community. NTPSec was forked in large part to reverse those choices. We want more community participation, more open-source code review, and we even welcome drive-by patches to address point problems.
Precision clock sources are tricky things, and testing in a simulation environment has limits. We aim to build a lab where we can remote-control refclocks and a network of ntpd instances for live testing. This will take money: see Getting Involved for how you can help.
Network Time Protocol is unhealthily entangled with IPv4. As address exhaustion forces the world towards IPv6, this needs to be fixed.
Languages which may seriously challenge C as the lingua franca of systems work are beginning to appear. Their most important advantage is they they enforce code-correctness properties that eliminate large classes of the low-level bugs C is prone to. The codebase we inherited was so large and grotty that moving to any of these would have been impractical, but the codebase we have now is a different story. It may be worth trying…