Tech giants throw money at OpenSSL in response to Heartbleed

Crucial open-source projects including OpenSSL will get at least $5.4 million in funding over three years.

OpenSSL is getting funded for two full-time developers and a security audit in an attempt to prevent another devastating bug like Heartbleed.

The money is coming from the Core Infrastructure Initiative (CII), a group of tech companies that came together last month in response to Heartbleed. At the time, CII said that each company would contribute at least $100,000 per year to crucial open-source projects over at least a three-year span, but the group didn't say how it would distribute the funds.

In a press release , the group announced that OpenSSL will get enough money to hire two full-time developers. The Open Crypto Audit Project will also receive funds for a security audit of OpenSSL.

Money is also going to OpenSSH, a set of programs that mainly allows for secure remote logins to Unix-based systems, and to Network Time Protocol, which synchronizes the timing of networked computers. The Linux Foundation will be in charge of distributing the funds.

Many websites and applications rely on OpenSSL to keep communications secure over the Internet. But since 2011, an undetected flaw in the code had theoretically allowed attackers to eavesdrop on these communications.

When researchers disclosed the bug in April, giving it the nickname Heartbleed, it triggered a mad scramble by Web developers to make their sites secure again. It also exposed how ill-equipped OpenSSL was to stamp out bugs. At the time, the group only had one full-time developer, with other developers only contributing contract-based work in their spare time.

Although CII didn't specify how much money each open-source project would get, in total the group will contribute at least $5.4 million over three years, according to Ars Technica. That's up from a previously reported figure of $3.6 million, as more tech companies have joined the group recently.

The current membership includes Adobe, Amazon Web Services, Bloomberg, Cisco, Dell, Facebook, Fujitsu, Google, HP, Huawei, IBM, Intel, Microsoft, NetApp, Rackspace, and Vmware.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags open sourcesoftwareThe Linux FoundationHeartbleedCore Infrastructure Initiative

More about Adobe SystemsAmazon Web ServicesAmazon Web ServicesBloombergCiscoDellFacebookFujitsuGoogleHPHuaweiIBM AustraliaIntelLinuxMicrosoftNetAppNetAppNetAppRackspace

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by Jared Newman

Latest Videos

More videos

Blog Posts