To get over the Heartbleed bug and avoid it from coming back in future, The Linux Foundation has joined hands with some of the biggest tech companies.
For a pledged amount of $100,000 each per year for the next 3 years to this Core Infrastructure initiative, companies like Amazon, Microsoft, Google, Facebook, NetApp, Rackspace, Qualcomm, VMWare, IBM, Intel, Dell, Cisco and Fujitsu have come together.
The monetary contribution from each of these biggies will allow developers to work on open source projects on a full time basis with paymets made towards audits and computing & testing infrastructure.
Jim Zemlin, Executive Director, Linux Foundation, said
“This is not just about the money, but the forum”, and added “Instead of responding to a crisis retroactively, this is an opportunity to identify crucial open source projects in advance. Right now, nobody is having that conversation, and it’s an important conversation to have.”
It is important to know that some researchers noticed an issue with OpenSSL about 2 weeks ago, and therefore The Core Infrastructure Initiative will work on OpenSSL.
It is surprising to know that while over two-thirds of Internet servers make use of OpenSSL encryption tool, the same is managed by only a small group of few volunteers and one full-time developer.
Since fixing the issues is a major concern for all the big and small tech companies alike, a lot of groups and companies have already started to fund security audits for open source softwares.
An example in the same is OpenBSD that has raised about $17,000 to support these audits that will discover and eliminate the security issues completely.