Post Heartbleed, tech giants join initiative to bolster open source

The multimillion-dollar Core Infrastructure Initiative (CII), newly formed in response to the Heartbleed bug and currently supported by 12 vendors and the Linux Foundation, will first focus on OpenSSL: improving its security, enabling outside reviews, and boosting responsiveness to patch requests.

CII, organized by The Linux Foundation and supported by Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, and VMware, was conceived in the wake of the Heartbleed crisis to fund currently under-funded open source projects that are critical to shoring up the global computing infrastructure.

CII plans to form a steering committee composed of members, developers and other stakeholders in the industry to identify projects and developers that need support, commit funding, ride herd over project roadmaps and approve additional members. The formation of the initiative came less than two weeks after OpenSSL Software Foundation President Steve Marquess made a plea for more funding in an April 12 blog post. "There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work," he posted.

Shared source code has increasingly fueled innovation, the CII said on the Linux Foundation website. Google's Chris DiBona, director of engineering for Open Source at the company, reiterated in a statement Google's belief “that an open-source approach to online security will ensure that code is constantly improving, making the web a safer place.”

But shared source code has also become more complex to build and maintain, with many worthy projects landing on the back burner because they don't get the funding they need. The OpenSSL project, for example, has pulled in a mere $2,000 in donations per year.

"Open source software makes today's computing infrastructure possible," Doug Beaver, engineering director of Traffic & Edge at Facebook, said in a statement. "This initiative will help ensure that these core components of internet infrastructure get the assistance they need to respond to new threats and to reach new levels of scale."

The organizations throwing their support behind CII have committed to at least $3.9 million of funding over three years, according to a report from Ars Technica.  

"It sounds promising for critical OSS projects in general and could potentially be a game-changer for the OpenSSL project," the OpenSSL Software Foundation's Marquess told SCMagazine.com in an email correspondence. "We look forward to seeing what comes next."
