Feeds

Linux Foundation flings two full-time developers at OpenSSL

Crack anti-Heartbleed team sent in to patch critical tech

Secure remote control for conventional and virtual desktops

The Linux Foundation's new elite tech repair team has named its initial areas of focus as it works to find and seal holes in widely-used open source software.

The Linux Foundation announced on Thursday that members of the "Core Infrastructure Initiative" (CII) will dedicate resources to working on the Network Time Protocol, OpenSSH, and OpenSSL to hunt down and fix flaws in the tech that helps tie the internet together.

"All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today's global information infrastructure," said Jim Zemlin, the executive director of the Linux Foundation.

"CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds."

The CII was set up in late April in response to the critical "Heartbleed" OpenSSL bug. The founding companies included Amazon Web Services, Cisco, Dell, Facebook, Intel, Microsoft, NetApp, Qualcomm, Rackspace, VMware, IBM, Google, and Fujitsu.

Now, the group plans to make funds available through the Linux Foundation for two, full-time core developers of OpenSSL. It will also fund the Open Crypto Audit Project to run a full audit of the OpenSSL codebase.

Along with the new projects, the Linux Foundation announced that the CII has signed up some new members, including Adobe, Bloomberg, HP, and salesforce.com. [No word yet on Red Hat, Canonical, or Oracle, though.—Ed.]

The Linux Foundation has also formed a CII Advisory Board which will help guide the participating companies "about the open source projects most in need of support," the Foundation said.

The initial membership of the board reads as a Who's Who of people in the security and open source communities, and includes: Linux kernel developer Ted T'so, security expert Bruce Schneier, top open source legal brain Eben Moglen, Matthew Green, Alan Cox, Dan Meredith, and Eric Sears.

Armed with money, companies, and knowledgeable advisors, the Foundation is betting that the CII will be good enough to stop another flaw occurring. Open source aficionados around the world are likely crossing their fingers and hoping the bet is correct. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
ONE MILLION people already running Windows 10
A third of them are doing it in VMs, but early feedback focuses on frippery
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Torvalds CONFESSES: 'I'm pretty good at alienating devs'
Admits to 'a metric ****load' of mistakes during work with Linux collaborators
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Ploppr: The #VultureTRENDING App of the Now
This organic crowd sourced viro- social fertiliser just got REAL
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.