
Summary:

Linux Foundation-led group opens its checkbook to fund OpenSSL developers and an audit of that key security technology.

Just a few weeks ago, the Linux Foundation rounded up vendors to fund work to improve and buttress the OpenSSL open-source security project. On Thursday, it announced the first concrete steps to do that work.

Specifically, the foundation’s Core Infrastructure Initiative (CII) said it will pay for two developers to work on the OpenSSL project and for an audit of the technology to be conducted by the Open Crypto Audit Project.

The CII also added new members – Adobe, Bloomberg, HP, Huawei, Qualcomm, and Salesforce.com – who will join Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and the Foundation in this effort.

The OpenSSL Project is also accepting additional donations.

Nearly everyone agrees that OpenSSL does important work that many vendors use in their software and services. But very few of them ponied up money to fund that work, a sore point that arose after the Heartbleed vulnerability fiasco surfaced in early April.

CII members commit to contributing $100,000 per year for at least three years, so the total investment now stands at $5.4 million spread over that period. The CII said it will also devote resources to the Network Time Protocol for clock synchronization between systems and OpenSSH for encrypted communications, so that money will be divvied up among those projects.

  1. You got to make money to spend money. Some people have it the other way around – you got to spend money to make money.
    Leslie

  2. “But very few of them ponied up money to fund that work”

    Isn’t the OpenSSL Foundation a private company registered in Maryland and funded by consulting that makes more money than was donated to many open source projects like OpenBSD? This “we are poor” narrative needs to be investigated.
