Advertisement

Technology leaders form alliance to prevent another Heartbleed

Be honest, don't you kinda wish we could just rub our collective eyes and all this Heartbleed business would just disappear? Tough luck hombre, it's still here, and some kid's trying to steal your vacation photos (probably). When we spoke to the open source initiative about it recently, we got a less than reassuring reply -- that the problem is partly about resources. What is more reassuring this this: The Core Infrastructure Initiative. If that sounds like a conference you'd pay money to not attend, we're with you, but trust us, it's for your benefit. In short, some of the biggest names in tech (Facebook, Google, Amazon, Intel and many more) have pledged to work with the Linux Foundation to make sure something like Heartbleed doesn't happen again. How? Mostly with cold hard cash, with each of the 13 company's involved chipping in to the "multi-million" dollar project. But how's it actually going to work?

The Linux Foundation claims that the OpenSSL project (that makes the software exploited by Heartbleed) has received about $2,000 in donations "in past years." That's barely enough to buy the team a new embroidered polo shirts. The Core Infrastructure Initiative will divvy up the cash to similar projects that have been identified as needing proactive assistance, something that it hopes could prevent the next Heartbleed. Unsurprisingly, the first project to benefit from the scheme is OpenSSL itself. Worried that your Facebook stock dollars are funding "free" open source projects? Don't. So much of the internet relies on this technology that it's not a question of commercial strategy, it's common sense. As we're all finding out now, the hard way.