Open-Source Software Funding To Stop Bugs Like Heartbleed

The Linux Foundation, along with big names such as Google and Intel, is starting a group to help fund open-source software projects like OpenSSL.


The Linux Foundation has announced a funding initiative for OpenSSL and other open-source software projects with the support of big-name Internet companies.

The Core Infrastructure Initiative will identify and help fund the construction, maintenance and development of open-source software projects. (Via The New York Times)

Participants include companies from Amazon, Facebook and Google to Cisco, Intel and Rackspace. Each company will kick in $100,000 a year for three years and designate representatives to sit on a steering council responsible for allocating the funds. (Via The Linux Foundation)

Total: $3.9 million over three years. First beneficiary: OpenSSL, the widely used open-source security software that carried Heartbleed.

Analytics company Netcraft indicates that, as of April 2014, more than 66 percent of Internet servers relied on some version of OpenSSL.

That's quite the track record for software overseen by just a handful of individuals and developed by volunteers. Its annual budget has reportedly been around $2,000. (Via OpenSSL)

The Core Infrastructure Initiative will help pay for critical maintenance, like code audits. The more eyes there are checking over software code, the more likely it is someone will spot flaws and vulnerabilities like Heartbleed before they can cause major damage.

For something like OpenSSL, this could amount to critical support. The developer who was ultimately responsible for Heartbleed told The Guardian earlier this month: "OpenSSL is definitely under-resourced for its wide distribution. It has millions of users but only very few actually contribute to the project."

And some of the headlines suggest this is less about bleeding-heart developer support and more about Heartbleed-proofing one's bottom line. (Via Ars Technica, The Verge)

"The contributions come out of enlightened self-interest. Heartbleed hurts all these tech vendors because it spooks consumers and makes them wary of using web-based applications." (Via GigaOM)

The Linux Foundation is expecting more companies to sign on in the coming weeks and months. Individuals can learn more and contribute themselves at the foundation's website.