In Heartbleed's wake, tech titans launch fund for crucial open-source projects

Major companies benefiting from open source projects like OpenSSL are better off paying a pittance to support their development.

When the OpenSSL Heartbleed bug surfaced earlier in April, many people were shocked to discover that one of the most critical pieces of online infrastructure was so poorly supported.

Despite OpenSSL's wide use as a means of securing websites, the OpenSSL Software Foundation had just one full-time employee and received only $2,000 in donations every year.

Arguably, the Heartbleed bug that exposed passwords and other user data could have been avoided if only OpenSSL had broader financial support. Now, a group of major technology companies is teaming up with the Linux Foundation to provide just that.

On Thursday, Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation announced the Core Infrastructure Initiative (CII).

As its name suggests, the CII's backers will work together to identify essential open source projects in desperate need of financing. The group aims to provide funds to these projects so that their lead developers can work on them full-time. CII support will also be used to pay for security audits, hardware and software infrastructure, travel, and other needs.

While the CII will provide the funding, individual projects will continue to operate "under the community norms that have made open source so successful."

The CII hasn't committed to any specific projects yet, but not surprisingly OpenSSL will be the first project considered for funding. Despite the absence of any official announcement of support, it would be shocking if OpenSSL wasn't funded, since the Heartbleed bug is what prompted the CII in the first place.

The Linux Foundation will administer the funds for the CII in cooperation with a steering committee that includes backers of the CII as well as "key open source developers and other industry stakeholders."

The Linux Foundation didn't say how much money was involved in the CII, but a report from Ars Technica says the group has committed to at least a three-year initiative and $3.6 million in funding. That works out to about $100,000 per year from each company--a funding level that isn't even a rounding error for most of these corporations, but a massive infusion for open-source projects.

Hopefully, the CII will prove its value over the next three years and convince the member companies to commit to the initiative for the long term, as well as convince other companies to join the cause.


Stories by Ian Paul
