Facebook, Google, Intel, Microsoft, NetApp, Qualcomm, VMware And The Linux Foundation Form New Initiative To Prevent The Next Heartbleed

The OpenSSL Heartbleed disaster definitely opened up many people’s eyes to how underfunded and understaffed many of the open source projects the web relies on are. To prevent the next Heartbleed, Facebook, Google, Intel, Microsoft, NetApp, Qualcomm, VMware and The Linux Foundation today announced the “Core Infrastructure Initiative.” This initiative will fund and support important open source projects “that are in need of assistance.”

While it’s not clear how much money each of the participants is contributing, the Linux Foundation — which organized this program — says this is a “multi-million dollar project” and should be seen as the industry’s collective response to the Heartbleed crisis. The Linux Foundation will administer the initiative’s funds.

Unsurprisingly, the OpenSSL project will be the first to receive fellowship funding from the initiative. The idea behind the fellowships is to allow key developers to work on these projects full-time. Besides the funding, the projects that will receive support from the initiative will also get other forms of assistance to improve their security, including outside reviews, security audits, computing and test infrastructure, travel and other support.

Considering the importance of a project like OpenSSL, it is indeed somewhat shameful that it only received about $2,000 per year in donations. Money alone, of course, may not have been enough to help catch the Heartbleed bug, so it’s good to see that the participating companies are also dedicating test resources to this project.

“Just as The Linux Foundation has funded Linus Torvalds to be able to focus 100% on Linux development, we will now be able to support additional developers and maintainers to work full-time supporting other essential open source projects,” said Jim Zemlin, the executive director of the Linux Foundation, in a statement today.

The idea behind open source, of course, is to get as many people as possible to produce high-quality code that is also secure. Many of the projects we rely on day in and day out, however, have grown so complex that having only a few part-time developers working on them isn’t enough to ensure their quality and security. The Linux Foundation acknowledges as much today.

“The most recent Coverity Open Scan study of software quality has shown that open source code quality surpasses proprietary code quality. But as all software has grown in complexity – with interoperability between highly complex systems now the standard – the need for developer support has grown.”

Looking ahead, the Core Infrastructure Initiative plans to move away from what is clearly a reactive post-crisis mode to a more proactive mode. Going forward, the initiative will focus more strongly on proactive reviews that identify the needs of the most important projects — hopefully before the next Heartbleed crisis hits.
