Just a few weeks ago, the Linux Foundation rounded up vendors to fund work to improve and buttress the OpenSSL open-source security project. On Thursday, it announced the first concrete steps to do that work.
Specifically, the foundation’s Core Infrastructure Initiative (CII) said it will pay for two developers to work on the OpenSSL project and for an audit of the technology to be conducted by the Open Crypto Audit Project.
The CII also added new members – Adobe, Bloomberg, HP, Huawei, Qualcomm, and Salesforce.com– who will join Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and the Foundation in this effort.
The OpenSSL Project is also accepting additional donations.
Nearly everyone agrees that OpenSSL does important work that many vendors use in their software and services. But very few of them ponied up money to fund that work, a sore point that arose after the Heartbleed vulnerability fiasco surfaced in early April.
CII members commit to contributing $100,000 per year for at least three years so the total investment now stands at $5.4 million spread for that period. The CII said it will also devote resources to the Network Time Protocol for clock synchronization between systems and OpenSSH for encrypted communications — so that money will be divvied up among those projects.