Feeds

Linux Foundation flings two full-time developers at OpenSSL

Crack anti-Heartbleed team sent in to patch critical tech

The smart choice: opportunity from uncertainty

The Linux Foundation's new elite tech repair team has named its initial areas of focus as it works to find and seal holes in widely-used open source software.

The Linux Foundation announced on Thursday that members of the "Core Infrastructure Initiative" (CII) will dedicate resources to working on the Network Time Protocol, OpenSSH, and OpenSSL to hunt down and fix flaws in the tech that helps tie the internet together.

"All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today's global information infrastructure," said Jim Zemlin, the executive director of the Linux Foundation.

"CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds."

The CII was set up in late April in response to the critical "Heartbleed" OpenSSL bug. The founding companies included Amazon Web Services, Cisco, Dell, Facebook, Intel, Microsoft, NetApp, Qualcomm, Rackspace, VMware, IBM, Google, and Fujitsu.

Now, the group plans to make funds available through the Linux Foundation for two, full-time core developers of OpenSSL. It will also fund the Open Crypto Audit Project to run a full audit of the OpenSSL codebase.

Along with the new projects, the Linux Foundation announced that the CII has signed up some new members, including Adobe, Bloomberg, HP, and salesforce.com. [No word yet on Red Hat, Canonical, or Oracle, though.—Ed.]

The Linux Foundation has also formed a CII Advisory Board which will help guide the participating companies "about the open source projects most in need of support," the Foundation said.

The initial membership of the board reads as a Who's Who of people in the security and open source communities, and includes: Linux kernel developer Ted T'so, security expert Bruce Schneier, top open source legal brain Eben Moglen, Matthew Green, Alan Cox, Dan Meredith, and Eric Sears.

Armed with money, companies, and knowledgeable advisors, the Foundation is betting that the CII will be good enough to stop another flaw occurring. Open source aficionados around the world are likely crossing their fingers and hoping the bet is correct. ®

Designing a Defense for Mobile Applications

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.