A disastrous event like the Heartbleed bug is sometimes needed to convince big companies to cast aside their differences and work together. Tech giants have agreed for the first time to fund a multi-million dollar initiative that will help protect open source projects, including OpenSSL.
The Core Infrastructure Initiative housed at The Linux Foundation will be a three-year effort with at least $3.9 million behind it and is backed by some of the biggest companies around. Amazon, Intel, Microsoft, Facebook, Google, IBM, Fujitsu, Cisco, NetApp, Dell, VMware, Rackspace and Qualcomm are some of the CII’s early supporters.
OpenSSL and other open-source projects are a crucial part of many tech companies' businesses, providing a secure way to transfer encrypted data between servers and clients. Unfortunately, these projects have received very little funding and have operated mostly on donations. Given these circumstances, it's not surprising that something like the Heartbleed bug has surfaced.
Heartbleed is a security flaw in a built-in OpenSSL feature. Normally, when a computer accessing a website sends it data, the website responds by sending back the same amount of data it received. This exchange between the computer and the website is known as a heartbeat. The OpenSSL bug known as Heartbleed allows hackers to request and receive additional data from servers, including usernames, passwords and even credit card numbers.
The Core Infrastructure Initiative was founded to prevent errors like Heartbleed from happening again; better late than never, I guess. Chris DiBona, open source director at Google, admitted that they got a little too comfortable when it comes to software security. “I think we got a little too comfortable as a community of software developers, and we shouldn’t be,” he said, adding that “We should really pay way more attention to the quality of our security software and of these core bits”.
Let’s hope the CII will take care of any more problems that could arise and we can all go back to browsing the internet without fearing that security information might leak out.