Feeds

Linux Foundation flings two full-time developers at OpenSSL

Crack anti-Heartbleed team sent in to patch critical tech

Providing a secure and efficient Helpdesk

The Linux Foundation's new elite tech repair team has named its initial areas of focus as it works to find and seal holes in widely-used open source software.

The Linux Foundation announced on Thursday that members of the "Core Infrastructure Initiative" (CII) will dedicate resources to working on the Network Time Protocol, OpenSSH, and OpenSSL to hunt down and fix flaws in the tech that helps tie the internet together.

"All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today's global information infrastructure," said Jim Zemlin, the executive director of the Linux Foundation.

"CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds."

The CII was set up in late April in response to the critical "Heartbleed" OpenSSL bug. The founding companies included Amazon Web Services, Cisco, Dell, Facebook, Intel, Microsoft, NetApp, Qualcomm, Rackspace, VMware, IBM, Google, and Fujitsu.

Now, the group plans to make funds available through the Linux Foundation for two, full-time core developers of OpenSSL. It will also fund the Open Crypto Audit Project to run a full audit of the OpenSSL codebase.

Along with the new projects, the Linux Foundation announced that the CII has signed up some new members, including Adobe, Bloomberg, HP, and salesforce.com. [No word yet on Red Hat, Canonical, or Oracle, though.—Ed.]

The Linux Foundation has also formed a CII Advisory Board which will help guide the participating companies "about the open source projects most in need of support," the Foundation said.

The initial membership of the board reads as a Who's Who of people in the security and open source communities, and includes: Linux kernel developer Ted T'so, security expert Bruce Schneier, top open source legal brain Eben Moglen, Matthew Green, Alan Cox, Dan Meredith, and Eric Sears.

Armed with money, companies, and knowledgeable advisors, the Foundation is betting that the CII will be good enough to stop another flaw occurring. Open source aficionados around the world are likely crossing their fingers and hoping the bet is correct. ®

Internet Security Threat Report 2014

More from The Register

next story
Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really
Windows NEIN skipped, tech preview due out on Wednesday
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.