Linux Foundation and Major Tech Companies Want to Boost OpenSSL Security

The Linux Foundation and major technology companies such as Google, Facebook and Microsoft have launched the Core Infrastructure Initiative. The initiative is a response to the Heartbleed bug and provides millions of dollars to make OpenSSL more secure.

The Linux Foundation is the initiator of the project. Facebook, Google, Microsoft, IBM, Dell and Amazon, among others, have supported the initiative. Companies that sign up must each donate $100,000 a year to the initiative for the next three years. At the time of writing, thirteen companies have signed up, which means that $3.9 million has already been pledged for the next three years.

Jim Zemlin, executive director of the Linux Foundation, tells The Verge that Linux only plays the role of “money guard.” Any company that supports the initiative may nominate representatives to sit on a committee of open source developers and academics. That committee then determines which open source projects will receive funding. Money will also go to, for example, security controls, infrastructure and coordinating companies working on similar projects.

The Linux director says the initiative should play a critical role in debugging open source projects before malicious people find them. “At the moment no one is discussing this, although it is a crucial discussion,” said Zemlin. After the appearance of the Heartbleed bug, large companies have been criticized, which often use open source software, but do little to guarantee security. The Core Infrastructure Initiative will initially focus only on OpenSSL, later it will also focus on ModSSL, PGP and OpenCryptolab.