Feeds

Linux Foundation flings two full-time developers at OpenSSL

Crack anti-Heartbleed team sent in to patch critical tech

Security for virtualized datacentres

The Linux Foundation's new elite tech repair team has named its initial areas of focus as it works to find and seal holes in widely-used open source software.

The Linux Foundation announced on Thursday that members of the "Core Infrastructure Initiative" (CII) will dedicate resources to working on the Network Time Protocol, OpenSSH, and OpenSSL to hunt down and fix flaws in the tech that helps tie the internet together.

"All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today's global information infrastructure," said Jim Zemlin, the executive director of the Linux Foundation.

"CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds."

The CII was set up in late April in response to the critical "Heartbleed" OpenSSL bug. The founding companies included Amazon Web Services, Cisco, Dell, Facebook, Intel, Microsoft, NetApp, Qualcomm, Rackspace, VMware, IBM, Google, and Fujitsu.

Now, the group plans to make funds available through the Linux Foundation for two, full-time core developers of OpenSSL. It will also fund the Open Crypto Audit Project to run a full audit of the OpenSSL codebase.

Along with the new projects, the Linux Foundation announced that the CII has signed up some new members, including Adobe, Bloomberg, HP, and salesforce.com. [No word yet on Red Hat, Canonical, or Oracle, though.—Ed.]

The Linux Foundation has also formed a CII Advisory Board which will help guide the participating companies "about the open source projects most in need of support," the Foundation said.

The initial membership of the board reads as a Who's Who of people in the security and open source communities, and includes: Linux kernel developer Ted T'so, security expert Bruce Schneier, top open source legal brain Eben Moglen, Matthew Green, Alan Cox, Dan Meredith, and Eric Sears.

Armed with money, companies, and knowledgeable advisors, the Foundation is betting that the CII will be good enough to stop another flaw occurring. Open source aficionados around the world are likely crossing their fingers and hoping the bet is correct. ®

Beginner's guide to SSL certificates

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
Was ist das? Eine neue Suse Linux Enterprise? Ausgezeichnet!
Version 12 first major-number Suse release since 2009
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.