Computer Security Major Tech Firms Pledge $3.6 Million Open-Source Fund to...

Major Tech Firms Pledge $3.6 Million Open-Source Fund to Avoid Next Heartbleed Bug

heartbleed bug fund for open sourceThe Heartbleed Internet security flaw has sparked serious conversations and concerns about Internet security, as it is claimed to be one of the most destructive vulnerabilities on the Internet in history. Many tech firms have taken additional steps to avoid slipping into the pit of doom that Heartbleed has caused through disruption of the open-source SSL cryptography that over two-thirds of websites utilize. To be proactive and reduce the likelihood of future Heartbleed issues or similar bugs to affect the Internet again, the tech giants Google, Facebook, and even Microsoft, have pledged financial support to the folks who maintain OpenSSL so they have the necessary resources to combat future Heartbleed bugs.

If you have taken the liberty to read about Heartbleed, you will know that it is a flaw that mainly affects OpenSSL, which is a popular open-source software used to security most websites on the Internet. Additionally, Heartbleed has caused issues with smartphones running Android, home routers and many other Internet-connected devices that we use on a daily basis. Heartbleed has shocked many to find out that it has been propagating on the internet unnoticed for about two years now.

So far, 12 or more technology firms have pledged about $3.6 million over the next three years to fund open-source projects where OpenSSL would be the first to receive the funds. Already, open-source developers are underfunded and simply do not have the necessary resources to figure out issues that arise like Heartbleed. Let alone, open-source developers have a hard enough time battling other minor bugs and issues discovered due to exploitations and hackers pilfering data on the internet.

Executive director of the Linux Foundation, Jim Zemlin, has already stated that the Heartbleed bug "would have been a lot less likely if they had more people working more hours on the core project." He goes on to say "This is a genuine, no-strings-attached offer to help."

What it comes all down to with emerging Internet security bugs and flaws, is that OpenSSL, a widely utilized security feature for websites, is written and maintained by four people and a few other contributors who live in Europe and have jobs during the day but code in their spare time. The programmers do not have time to check every line of code and cannot afford to pay for formal review of the code. With the aid of several major tech companies contributing millions to the open-source fund, these programmers will have the ability to hire help thus implement additional security features to potentially avoid future flaws or internet security bugs like Heartbleed.

The final numbers of how much money will be contributed to the fund has not been finalized yet. Either amount, every dollar will be a step in the right direction to make the internet a safer place for everyone and assist with branding open-source software on the internet more secure.