The Linux Foundation has rounded up the likes of Amazon Web Services, Dell, Cisco, Google, Microsoft, VMware and other technology companies to take part in a project that will harden OpenSSL security.
The non-profit technology consortium dedicated to fostering the growth of open source operating system is spearheading the security project in the wake of the Heartbleed security crisis. The project is part of a bigger initiative by the foundation called the Core Infrastructure Initiative aimed at enabling technology companies to “collaboratively” identity and fund open source projects which they deem are in need of assistance.
“The first project under consideration to receive funds from the initiative will be OpenSSL, which could receive fellowship funding for key developers as well as other resources to assist the project in improving its security, enabling outside reviews and improving responsiveness to patch request,” the foundation said in a statement.
Other tech vendors who are considered founding backers of the initiative are Facebook, Fujitsu, IBM, Intel, NetApp and Rackspace.
Earlier this month the Canada Revenue Agency had to shut down its Web site is connection with security concerns involving Heartbleed, an OpenSSL security vulnerability that exposes the information on data servers. Because OpenSSL is so widely used, more than half a million Web sites around the world are believed to likely be affected by the flaw.
Some security experts have suggested that the flaw remained undetected for so long partly because OpenSSL is under-funded. It has many users but very few of them contribute to the project
According to a report on the online technology site Gigaom.com, a Linux Foundation spokesperson confirmed that each company involved in the project is providing $100,000 per year for a minimum of three years. This means that the initial investment could total $3.6 million over a period of three years.
“The Linux Foundation, and the companies joining this initiative are enabling these dedicated developers to continue maintaining and improving the free and open source software that makes the Net work safely for us all,” said Prof. Eben Moglen, of the Columbia Law School and founding director of the Software Freedom Law Centre. “This is business and community collaboration in the public interest, and we should be grateful to the Linux Foundation for making this happen.”