Feeds

Linux Foundation flings two full-time developers at OpenSSL

Crack anti-Heartbleed team sent in to patch critical tech

The Power of One Brief: Top reasons to choose HP BladeSystem

The Linux Foundation's new elite tech repair team has named its initial areas of focus as it works to find and seal holes in widely-used open source software.

The Linux Foundation announced on Thursday that members of the "Core Infrastructure Initiative" (CII) will dedicate resources to working on the Network Time Protocol, OpenSSH, and OpenSSL to hunt down and fix flaws in the tech that helps tie the internet together.

"All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today's global information infrastructure," said Jim Zemlin, the executive director of the Linux Foundation.

"CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds."

The CII was set up in late April in response to the critical "Heartbleed" OpenSSL bug. The founding companies included Amazon Web Services, Cisco, Dell, Facebook, Intel, Microsoft, NetApp, Qualcomm, Rackspace, VMware, IBM, Google, and Fujitsu.

Now, the group plans to make funds available through the Linux Foundation for two, full-time core developers of OpenSSL. It will also fund the Open Crypto Audit Project to run a full audit of the OpenSSL codebase.

Along with the new projects, the Linux Foundation announced that the CII has signed up some new members, including Adobe, Bloomberg, HP, and salesforce.com. [No word yet on Red Hat, Canonical, or Oracle, though.—Ed.]

The Linux Foundation has also formed a CII Advisory Board which will help guide the participating companies "about the open source projects most in need of support," the Foundation said.

The initial membership of the board reads as a Who's Who of people in the security and open source communities, and includes: Linux kernel developer Ted T'so, security expert Bruce Schneier, top open source legal brain Eben Moglen, Matthew Green, Alan Cox, Dan Meredith, and Eric Sears.

Armed with money, companies, and knowledgeable advisors, the Foundation is betting that the CII will be good enough to stop another flaw occurring. Open source aficionados around the world are likely crossing their fingers and hoping the bet is correct. ®

Using blade systems to cut costs and sharpen efficiencies

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.