
Group Backed By Google, Microsoft To Help Fund OPENSSL And Other Open Source Projects.




After the dust had started to settle in the wake of the OpenSSL Heartbleed vulnerability earlier this month, one of the common sentiments that emerged was that the small group developing and maintaining the software needed some help. And money. And resources. But mostly money. Now, the OpenSSL Foundation, along with a number of other open source projects, will be getting some much-needed help from some of the largest tech companies in the industry.

A new consortium, known as the Core Infrastructure Initiative and comprising The Linux Foundation, Microsoft, Facebook, Amazon, Dell, Google and several other large vendors, is putting together a multimillion-dollar fund that will be available to help fund various open source projects that are vital to the Web’s security and stability. OpenSSL is the first project under consideration to receive funds.

The money flowing from the Core Infrastructure Initiative is meant to help open source projects, which often are small and run by volunteers or part-time developers, fund full-time developers, as well as security audits and other key initiatives.

“Maintaining the health of the community projects that produce software critical to the security and safety of Internet commerce is in everyone’s interest,” said Professor Eben Moglen of Columbia Law School, Founding Director of the Software Freedom Law Center. “The Linux Foundation, and the companies joining this Initiative, are enabling these dedicated programmers to continue maintaining and improving the free and open source software that makes the Net work safely for us all. This is business and community collaboration in the public interest, and we should all be grateful to The Linux Foundation for making it happen.”

And the Heartbleed vulnerability highlighted the importance these projects have and the problem that their lack of resources can present. OpenSSL, for example, is run by volunteers and the project often only gets a few thousand dollars in donations each year. The money from the CII will allow these projects to dedicate full-time resources to development, testing and other tasks.

“Security is an industry-wide concern requiring industry-wide collaboration. The Core Infrastructure Initiative aligns with our participation in open source and the advancement of secure development across all platforms, devices and services,” said Steve Lipner, partner director of software security at Microsoft.




I am glad to see that at least some of the large tech giants are realizing that something has to be done....

Now if they would start backing "NET NEUTRALITY" it would be wonderful.....


The who's who of tech companies have agreed to donate millions of dollars to help key, yet under-funded open source projects in the wake of the recent Heartbleed bug crisis. According to ArsTechnica, companies like Amazon, Cisco Systems, Facebook, Google, IBM, Intel, Microsoft, and more, will contribute at least $3.9 million to the Core Infrastructure Initiative, which will be hosted at the San Francisco-based non-profit Linux Foundation.

Open source software like OpenSSL is core to the business of many big technology corporations, which use the library on their websites to send encrypted data safely between servers and clients.

But the crucial role OpenSSL plays in securing the Internet wasn't matched by the financial resources devoted to maintaining it. According to OpenSSL Software Foundation President Steve Marquess, the project received $2000 a year in donations, and has only one full-time employee.

"I think we got a little too comfortable as a community of software developers, and we shouldn't be," says Chris DiBona, director of open source at Google, adding that "We should really pay way more attention to the quality of our security software and of these core bits".

It's not that every open source project is under-resourced and cash starved. There are many projects that receive good support from the companies that depend on them. For example, the Linux kernel project has multiple employees and financial support from tech giants like HP, IBM, Red Hat, Intel, Oracle, Google, Cisco, and more.

According to Jim Zemlin, executive director of the Linux Foundation, companies will contribute $100,000 per year, with a minimum three-year commitment. Although the money will go to multiple open source projects, OpenSSL is at the top of the list.


Edited by anuseems
