Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Eliminate costly downtime!
Find out how with Free White Paper
& enter to win a Samsung Galaxy Note

www.apc.com
Linux/Open Source
Cisco UCS Invicta Series flash memory systems
Average Rating:
Rate this article:  
Tech Giants Fund Initiative To Prevent Future Heartbleeds
Tech Giants Fund Initiative To Prevent Future Heartbleeds

By Barry Levine
April 24, 2014 10:36AM

    Bookmark and Share
The OpenSSL project in the past "received about $2,000 per year in donations," the Linux Foundation said. That is set to change with the multimillion-dollar Core Infrastructure Initiative driven by large technology firms. The foundation said there was an increased need for support because of the increased complexity of key open-source software.
 



Can more funding prevent Heartbleed vulnerabilities in future open-source software? A new Core Infrastructure Initiative at the Linux Foundation is attempting to find out.

More than a dozen major technology companies are backing the project. Participating firms will contribute $100,000 each per year for three years to the foundation. At launch, supporters include Google, Microsoft, Amazon, IBM, Facebook, Dell, Cisco, Intel, Rackspace and Fujitsu. A total of $4 million has reportedly been raised so far.

On its Web site, the Foundation said the project, "inspired by the Heartbleed OpenSSL crisis," will fund those Linux-based open source projects that the organization considers on the critical path for core computing capabilities.

Steering Group, Advisory Board

The widely used OpenSSL certainly qualifies on that score, since it is employed for the secure transmission of passwords and other data. A major flaw -- which allowed the encryption to be broken without leaving a trail -- was made public on April 7, two years after the error was inadvertently written into OpenSSL.

Overseeing the funds will be the foundation and a steering group, the latter which will consist of representatives from the tech companies, key open-source developers and others. The committee will select projects and developers, approve funding, oversee project roadmaps, and work to add additional members. There will also be an advisory board of key developers and industry stakeholders.

The funds are expected to be used for fellowships for key developers to devote their full-time efforts to the designated open-source project, as well as for security audits, computing and test infrastructure, travel, face-to-face meeting coordination, and other expenses. For the OpenSSL project, funds will also be used to improve responsiveness to patch requests.

'Smart and Not Too Late'

The foundation noted in an FAQ on its Web site that the shared code used in some open-source projects had "not received the level of support commensurate with their importance."

As an example, it noted that the OpenSSL project has, in past years, "received about $2,000 per year in donations." Although open source can produce "high-quality and highly secure software," the foundation said, there is an increased need for developer support because of the increased complexity of the software and the required interoperability with complex systems.

The foundation has previously been supplying funds for developers, including Linux creator Linus Torvalds, to similarly take care of the core Linux kernel. The initiative will be looking to help developers and existing open-source projects and communities, like the ones that have evolved around OpenSSL.

Al Hilwa, program director for Application Development Software research at IDC, told us that the Initiative was "smart and not too late." He added that it was "savvy of the foundation to put more resources into this," given that "what's needed is a good analysis of the code."

He added that, while "open source got a black eye [with Heartbleed], stuff like this happens in proprietary software as well," but we don't always hear about it.
 

Tell Us What You Think
Comment:

Name:

AuditThemAll:

Posted: 2014-04-24 @ 4:09pm PT
A good step in the right direction! While the relationship between money and quality is not linear, if $2000/year gets us OpenSSL as we know today, imagine what $200,000/year will get. Now it is important to keep the effort focused. Security audits, that's what the money should be spent on, and not only audit of Linux, or of Open Source software. if the proprietary guys open up to formalized audits, we will all be better off.



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Linux/Open Source
1.   Oracle Releases a Slew of Upgrades
2.   Samsung Postpones Tizen Phone
3.   HP Drops $50M on Hortonworks
4.   Teradata Bets Big on 2 Big Data Buys
5.   New OpenStack Release Available


advertisement
New OpenStack Release Available
Red Hat touts VMware integration.
Average Rating:
Another Day, Another IoT Consortium
Intel, Samsung, Dell seek standards.
Average Rating:
Oracle Releases a Slew of Upgrades
Database 12c, Linux 7, Data Cloud.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
New 'Backoff' Malware Slips Undetected into Retail Systems
'Malicious actors' are using a new variety of malware to access consumer payment data remotely through point-of-sale systems, according to a report from the Department of Homeland Security.
 
IBM Beefs Up Identity Intelligence Security Solutions
Big Blue is betting big on identity intelligence. IBM just acquired a private firm with security software to govern user access to apps and data across cloud and on-premise environments.
 
USB Security Flaw Lets Hackers Hijack PCs
Hackers can use the firmware that controls USB functions to take control of computers, say security experts. That means there may be a new class of attack for which there are no defenses.
 

Enterprise Hardware Spotlight
AMD's ARM-Based Opteron Out in $3K Dev Kit
It's dubbed "Seattle" and it's AMD's first 64-bit ARM-based Opteron processor. The low-power chip is being released as part of AMD’s Opteron A1100-series developer kit, and aimed at high-end data center needs.
 
Apple Updates MacBook Pros, Cuts Prices Up to $100
The popular MacBook Pro laptop line just got an update and a price cut of as much as $100. The MacBook Pro with Retina display now includes faster processors and double the memory.
 
Dell, BlackBerry Not Sweating Apple-IBM Alliance
IBM's recent move to partner with Apple to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unperturbed for now.
 

Mobile Technology Spotlight
BlackBerry Messenger Now Available on Windows Phone
BlackBerry's free Messenger chatting and voice app is out of beta and widely available for Windows Phone users, the company said. BBM offers secure messaging, Groups, Voice, Channels and more.
 
Virgin Mobile Offers Custom Smartphone Plans
As the wireless carrier wars continue heating up, Virgin Mobile just threw the customization coal onto the fire. The firm has debuted a no-annual-contract plan with rates based on individual use.
 
Collaboration Provider Asana Revamps Mobile App
Asana, a collaboration software provider started by a Facebook founder, is now out with a rebuilt native iOS mobile app. It replaces one that even the company admits was not up to par.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.