With the recent knowledge that the Heartbleed bug spent two years exploiting vulnerabilities in OpenSSL — the Internet security method used by millions of web servers — the Linux Foundation and prominent technology companies have announced a collaboration to avoid similar problems from happening again.
Open SSL, as well as other open-source projects, allows developers to join a project and collaboration on building free software. The process is designed to avoid issues because developers are reviewing each other’s code. Unfortunately, some of these projects don’t get much support. In the case of OpenSSL, it is estimated that between 60 to 70 percent of the world’s servers use the technology, but the project only receives about $2,000 to fund it. It also only has one staffer working on it full-time, according to NBC News.
In the announcement yesterday, 13 big tech firms — including Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, Rackspace, Qualcomm and VMWare — stated that they will join the Core Infrastructure Initiative. The new organization already has $3.6 million committed from backers. Each company has pledged at least $100,000 a year for the next three years to fund important open-source technology. According to Wired, this non-profit consortium will provide funding for some of the net’s most important projects, letting key developers work on the projects full-time, but also chipping in for security audits, test infrastructure, travel expenses, and other support.
The New York Times reported yesterday that in an interview on Wednesday, Jim Zemlin, the executive director of the Linux Foundation, said the most significant issue was a lack of awareness regarding which open-source projects needed what, something he said the Core Infrastructure Initiative will help address.
“This is not just about the money, but the forum,” Mr. Zemlin said. “Instead of responding to a crisis retroactively, this is an opportunity to identify crucial open-source projects in advance. Right now, nobody is having that conversation, and it’s an important conversation to have.”
The initiative’s backers and members from the open source community will form a steering committee and advisory board that will decide which projects will receive funding. With the spotlight on Heartbleed right now, OpenSSL will most likely be the first project to receive funding, but additional projects will be considered as well.
While open source funding may not be the most glamorous technology, it’s crucial to keeping the internet operating. And now it’s hopefully getting the attention it needs.