Dev

Everyone uses OpenSSL, but nobody’s willing to fix it — except the Linux Foundation

If you remember the recent Heartbleed outbreak, you probably also remember the sheer panic it induced in the tech industry and users of many popular websites.

The Linux Foundation subsequently created the Core Infrastructure Initiative to help prevent further outbreaks, and today it’s announced two new backers and the first projects getting funding.

As a refresher, a bug named Heartbleed was discovered in the popular encryption library OpenSSL last month. Essentially, the bug meant that attackers could tune into communications between those websites and browsers. OpenSSL is an open-source project, meaning that the Linux Foundation and others in the community are able to work collaboratively to improve its security.

The first projects the CII will fund are Network Time Protocol, OpenSSH, OpenSSL, and the Open Crypto Audit Project (OCAP). OpenSSL will receive enough funds to get two full-time core developers.

The OCAP will get funding to conduct a security audit of the OpenSSL code base, presumably courtesy of Heartbleed which, it turned out, had been around for more than two years before Neel Mehta of Google Security and Codenomicon engineers independently discovered it.

The audit’s high priority is likely due to this fact. OpenSSL is a very popular library, and while someone has to step in and make sure no other bugs are lurking in the shadows, leaving it to a private entity (like a company) would be counter to the idea of open source, hence the foundation’s initiative to help.

“All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today’s global information infrastructure,” said Linux Foundation executive director Jim Zemlin in an official statement.

“CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds,” he said.

Adobe, Bloomberg, HP, Huawei, and Salesforce are also joining the CII’s current backers and founders which include Amazon Web Services, Cisco, Dell, Facebook, Google, Microsoft, Intel, and a few others.

The CII will continue to review and select critical open source projects in need of funding and resources.

More information:

HP is an American multinational information technology corporation headquartered in Palo Alto, California, USA that provides products, technologies, softwares, solutions and services to consumers, small- and medium-sized businesses (SM... read more »

With more than 100,000 customers, salesforce.com is the enterprise cloud computing company that is leading the shift to the social enterprise. Social enterprises leverage social, mobile and open cloud technologies to put customers at t... read more »

Whether it's a smartphone or tablet app, a game, a video, a digital magazine, a website, or an online experience, chances are that it was touched by Adobe technology. Our tools and services enable our customers to create groundbreaking... read more »

Bloomberg, the global business and financial information and news leader, gives influential decision makers a critical edge by connecting them to a dynamic network of information, people and ideas. The company’s strength – deliveri... read more »

Huawei is a leading global ICT solutions provider. Through our dedication to customer-centric innovation and strong partnerships, we have established end-to-end capabilities and strengths across the carrier networks, enterprise, consum... read more »

More than 20 years ago, Linus Torvalds sparked an open source revolution with a short email declaring he was doing a new project “just for fun.” Today, Linux powers 98% of the world’s super computers, most of the servers powering... read more »

Powered by VBProfiles


Mobile developer or publisher? VentureBeat is studying mobile app analytics. Fill out our 5-minute survey, and we'll share the data with you.
0 comments