Some of the biggest names in the tech industry have each pledged $100,000 per year over the next three years to fund open-source projects essential to Internet security. The program, called the “Core Infrastructure Initiative,” will deliver at least $3.9 million in support.
The effort is being coordinated by the Linux Foundation, which itself supports the open-source Linux operating system, and has garnered support from Facebook, Amazon, Cisco, Dell, Google, IBM, Intel, Microsoft, and VMware, among others.
Heartbleed, one of the worst security flaws to ever hit the Internet, began when a small, overworked team of mostly volunteers at the OpenSSL Software Foundation let a simple, devastating mistake pass for over two years.
Open-source software means, in theory, that anyone can look at the code under a program’s hood to check for errors or problems. Too often, however, it means that tiny groups of volunteers are stuck with crucial work that the rest of the Internet depends upon but largely ignores.
“Heartbleed is further evidence that we don’t have our house in order when it comes to Internet security,” Edward Felten, a computer security expert at Princeton University, told the New York Times when the bug was discovered.
Since then, there has been a push to get the world’s biggest tech firms to offer “real no-strings-attached funding,” as Johns Hopkins University research professor and cryptographer Matthew Green wrote, to open-source projects like OpenSSL so that the volunteers would be able to do their job well.
“This is not just about the money, but the forum,” Jim Zemlin, executive director of the Linux Foundation, told the Times on Wednesday. “Instead of responding to a crisis retroactively, this is an opportunity to identify crucial open-source projects in advance. Right now, nobody is having that conversation, and it’s an important conversation to have.”
The OpenSSL project has received about $17,000 in donations, mostly from individuals, since Heartbleed was discovered.