Industry Leaders Respond To ‘Heartbleed’ Crisis With Infrastructure Drive

A list of major technology companies have joined the Linux Foundation to provide targeted funding for critical open source projects, in the wake of the chaos caused by the “Heartbleed” bug in OpenSSL.

The multi-million-pound Core Infrastructure Initiative (CII) is backed by Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, RackSpace and VMware, with more expected to join in the coming weeks.

Heartbleed crisis

The initiative was formed following the discovery of the Heartbleed flaw in OpenSSL, which affected broad portions of the Internet’s infrastructure.

The crisis highlighted the fact that such open source technologies, while widely used, do not receive funding on a scale in line with their importance, according to the Linux Foundation.

“Too many critical open source software projects are under-funded and under-resourced,” the organisation stated. It said the OpenSSL project has in past years received about $2,000 (£1,260) per year in donations.

The CII is intended to provide backing for selected projects without changing the community-oriented open source development model currently in place.

OpenSSL funding

OpenSSL will be the first to receive funding, including fellowship funding for key developers and other resources for improving security, enabling outside reviews, and improving responsiveness to patch requests.

A steering committee of CII members, developers and industry representatives will identify projects, approve funding, oversee project roadmaps and add additional members.

“We are thankful for these industry leaders’ commitment to ensuring the continued growth and reliability of critical open source projects such as OpenSSL,” said the Linux Foundation executive director Jim Zemlin in a statement.

Are you a security pro? Try our quiz!