Linux Foundation Announces Initiative to Avert the Next Heartbleed
The Heartbleed security bug has been called one of the Internet’s biggest security breaches, inspiring widespread anxiety among the general public and IT professionals alike. Heartbleed also inspired the open source community to take action.
In response to the Heartbleed OpenSSL security crisis, The Linux Foundation announced the Core Infrastructure Initiative (CII), a multimillion-dollar collaborative project to fund and support what are deemed critical open source projects. In addition to The Linux Foundation, the initial supporters are marquee names—Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, and VMware—with more expected to join in the near future.
The CII’s efforts will understandably focus on security-related issues, and first on the agenda will be OpenSSL, the project with the security bug that launched this particular butterfly effect across the Internet.
In a story discussing who’s to blame for Heartbleed, Mashable pointed out recently:
“OpenSSL, a project that runs on 66% of all web servers, has just one full-time employee. One. It gets worse. In the five years since the OpenSSL Software Foundation was created — as a way to help sustain the OpenSSL project — this important project has never received more than $1 million in gross revenue a year.”
Going forward, a CII steering committee will identify projects needing support, and The Linux Foundation itself will administer the funds. According to the announcement, “Support from the initiative will include funding for fellowships for key developers to work full-time on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination, and other support.”
Jim Zemlin, executive director of The Linux Foundation, said in a press release:
“We are expanding the work we already do for the Linux kernel to other projects that may need support. Our global economy is built on top of many open source projects. Just as The Linux Foundation has funded Linus Torvalds to be able to focus 100% on Linux development, we will now be able to support additional developers and maintainers to work full-time supporting other essential open source projects. We are thankful for these industry leaders’ commitment to ensuring the continued growth and reliability of critical open source projects such as OpenSSL.”
Anyone can donate to the Core Infrastructure Initiative fund. If you’re interested, visit https://www.linuxfoundation.org/programs/core-infrastructure-initiative.