Tech giants throw money at OpenSSL in response to Heartbleed

Crucial open-source projects including OpenSSL will get at least $5.4 million in funding over three years.

By Jared Newman, PC World |  Security, openssl

OpenSSL is getting funded for two full-time developers and a security audit in an attempt to prevent another devastating bug like Heartbleed.

The money is coming from the Core Infrastructure Initiative (CII), a group of tech companies that came together last month in response to Heartbleed. At the time, CII said that each company would contribute at least $100,000 per year to crucial open-source projects over at least a three-year span, but the group didn't say how it would distribute the funds.

In a press release , the group announced that OpenSSL will get enough money to hire two full-time developers. The Open Crypto Audit Project will also receive funds for a security audit of OpenSSL.

Money is also going to OpenSSH, a set of programs that mainly allows for secure remote logins to Unix-based systems, and to Network Time Protocol, which synchronizes the timing of networked computers. The Linux Foundation will be in charge of distributing the funds.

Many websites and applications rely on OpenSSL to keep communications secure over the Internet. But since 2011, an undetected flaw in the code had theoretically allowed attackers to eavesdrop on these communications.

When researchers disclosed the bug in April, giving it the nickname Heartbleed, it triggered a mad scramble by Web developers to make their sites secure again. It also exposed how ill-equipped OpenSSL was to stamp out bugs. At the time, the group only had one full-time developer, with other developers only contributing contract-based work in their spare time.

Although CII didn't specify how much money each open-source project would get, in total the group will contribute at least $5.4 million over three years, according to Ars Technica. That's up from a previously reported figure of $3.6 million, as more tech companies have joined the group recently.

The current membership includes Adobe, Amazon Web Services, Bloomberg, Cisco, Dell, Facebook, Fujitsu, Google, HP, Huawei, IBM, Intel, Microsoft, NetApp, Rackspace, salesforce.com and Vmware.


Originally published on PC World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness