Tech giants spend big to avoid another Heartbleed

Never too late: OpenSSL finally gets decent funding

Google, Microsoft, Facebook, Intel, Dell and others have joined forces with the Linux Foundation to fund a new group dedicated to preventing another Heartbleed security disaster.

The new Core Infrastructure Initiative will see some of the world's top technology companies collaborate to offer financial resources to underfunded open source projects like OpenSSL, so that more people can be hired to find critical errors in the code.

As an illustration of how poorly funded some open source projects are, OpenSSL has received just $2,000 (£1,190, AU$2,150) per year in donations in recent years.

In contrast, each of the founding members of the Initiative will donate $300,000 (£180,000, AU$323,000) per year over the next three years, according to the BBC. So far $3 million (£1.8 million, AU$3.2 million) has been amassed.

Starting strong

The founding members include Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and the Linux Foundation.

Initially the focus will be on funding OpenSSL, but after that the money will go to various other open source projects so that there can be more developers, more security audits, more testing, and generally more proactive efforts to ensure security.

"Maintaining the health of the community projects that produce software critical to the security and safety of Internet commerce is in everyone's interest," said Professor Eben Moglen of Columbia Law School, Founding Director of the Software Freedom Law Center.

"The Linux Foundation, and the companies joining this Initiative, are enabling these dedicated programmers to continue maintaining and improving the free and open source software that makes the Net work safely for us all. This is business and community collaboration in the public interest, and we should all be grateful to The Linux Foundation for making it happen."

Via PC Pro