News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED
Let an ISACA® certification elevate your career.
Register today and save
You are here: Home / Cloud Computing / Fund Seeks To Head Off Heartbleeds
DDoS Protection Powered By Verisign
Tech Giants Fund Initiative To Prevent Future Heartbleeds
Tech Giants Fund Initiative To Prevent Future Heartbleeds
By Barry Levine / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
24
2014



Can more funding prevent Heartbleed vulnerabilities in future open-source software? A new Core Infrastructure Initiative at the Linux Foundation is attempting to find out.

More than a dozen major technology companies are backing the project. Participating firms will contribute $100,000 each per year for three years to the foundation. At launch, supporters include Google, Microsoft, Amazon, IBM, Facebook, Dell, Cisco, Intel, Rackspace and Fujitsu. A total of $4 million has reportedly been raised so far.

On its Web site, the Foundation said the project, "inspired by the Heartbleed OpenSSL crisis," will fund those Linux-based open source projects that the organization considers on the critical path for core computing capabilities.

Steering Group, Advisory Board

The widely used OpenSSL certainly qualifies on that score, since it is employed for the secure transmission of passwords and other data. A major flaw -- which allowed the encryption to be broken without leaving a trail -- was made public on April 7, two years after the error was inadvertently written into OpenSSL.

Overseeing the funds will be the foundation and a steering group, the latter which will consist of representatives from the tech companies, key open-source developers and others. The committee will select projects and developers, approve funding, oversee project roadmaps, and work to add additional members. There will also be an advisory board of key developers and industry stakeholders.

The funds are expected to be used for fellowships for key developers to devote their full-time efforts to the designated open-source project, as well as for security audits, computing and test infrastructure, travel, face-to-face meeting coordination, and other expenses. For the OpenSSL project, funds will also be used to improve responsiveness to patch requests.

'Smart and Not Too Late'

The foundation noted in an FAQ on its Web site that the shared code used in some open-source projects had "not received the level of support commensurate with their importance."

As an example, it noted that the OpenSSL project has, in past years, "received about $2,000 per year in donations." Although open source can produce "high-quality and highly secure software," the foundation said, there is an increased need for developer support because of the increased complexity of the software and the required interoperability with complex systems.

The foundation has previously been supplying funds for developers, including Linux creator Linus Torvalds, to similarly take care of the core Linux kernel. The initiative will be looking to help developers and existing open-source projects and communities, like the ones that have evolved around OpenSSL.

Al Hilwa, program director for Application Development Software research at IDC, told us that the Initiative was "smart and not too late." He added that it was "savvy of the foundation to put more resources into this," given that "what's needed is a good analysis of the code."

He added that, while "open source got a black eye [with Heartbleed], stuff like this happens in proprietary software as well," but we don't always hear about it.

Tell Us What You Think
Comment:

Name:

AuditThemAll:

Posted: 2014-04-24 @ 4:09pm PT
A good step in the right direction! While the relationship between money and quality is not linear, if $2000/year gets us OpenSSL as we know today, imagine what $200,000/year will get. Now it is important to keep the effort focused. Security audits, that's what the money should be spent on, and not only audit of Linux, or of Open Source software. if the proprietary guys open up to formalized audits, we will all be better off.

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN CLOUD COMPUTING
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Russian Gang with Stolen IDs Hacks Hosting Company
In August, a Russian cyber gang obtained what researchers called “the largest cache of stolen data." Now, those hackers may be putting their ill-gotten gains to criminal use.
 
Dairy Queen Latest Retailer To Report Hack
Known for its hot fries and soft-serve ice cream, Dairy Queen just made cyber history as the latest victim of a hack attack. The fast food chain said that customer data at some stores may be at risk.
 
Lessons from the JPMorgan Chase Cyberattack
JPMorgan Chase is investigating a likely cyberattack. The banking giant is cooperating with law enforcement, including the FBI, to understand what data hackers may have obtained.
 

Enterprise Hardware Spotlight
AMD's New FX Series CPU Breaks Processing Speed Record
The new FX-8370 processor from Advanced Micro Devices has set a record for silicon processor speed, the company announced. Overclocked, the eight-core chip was measured at 8722.78 MHz.
 
Intel Intros Lightning-Fast PC Processors
Call it extreme. Intel just took the covers off its first-ever eight-core desktop processor, which is aimed at hardcore power users who expect more than the status quo from their computers.
 
HP Previews ProLiant Gen9 Data Center Servers
Because traditional data center and server architectures are “constraints” on businesses, HP is releasing new servers aimed at faster, simpler and more cost-effective delivery of computing services.
 

Mobile Technology Spotlight
Rumor Mill Puts Mobile Wallet in iPhone 6
Apple is moving toward the mobile wallet world with its next iPhone. The tech giant has partnered with retailers, banks and major payment networks to make it happen, according to Bloomberg.
 
Will iPhone Finally Catch Up with NFC Mobile Payment Ability?
Apple's latest version of the iPhone may have a mobile wallet to pay for purchases with a tap of the phone. The iPhone 6 reportedly is equipped with near-field communication (NFC) technology.
 
Visual Search To Shop: Gimmick or Game Changing?
Imagine using your phone to snap a photo of the cool pair of sunglasses your friend is wearing and instantly receiving a slew of information about the shades along with a link to order them.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech | Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.