OpenSSL Foundation president asks for more financial support in the wake of Heartbleed

openssl foundation president asks financial support wake heartbleed bleeding heart 2

If the organizations, companies, and governments that employ OpenSSL with their websites want to ensure that their sites stay secure from future threats like Heartbleed down the line, Steve Marquess, the president of the OpenSSL Software Foundation, asks that the entities which use OpenSSL donate more money towards its operations, the LA Times reports. Marquess made the case for additional funding in this blog post.

“While OpenSSL does ‘belong to the people’ it is neither realistic nor appropriate to expect that a few hundred, or even a few thousand, individuals provide all the financial support,” Marquess wrote. “The ones who should be contributing real resources are the commercial companies and governments who use OpenSSL extensively and take it for granted.”

Marquess specifically took members of the Fortune 1000, list to task in his note.

“I’m looking at you, Fortune 1000 companies. The ones who include OpenSSL in your firewall/appliance/cloud/financial/security products that you sell for profit, and/or who use it to secure your internal infrastructure and communications. The ones who don’t have to fund an in-house team of programmers to wrangle crypto code, and who then nag us for free consulting services when you can’t figure out how to use it. The ones who have never lifted a finger to contribute to the open source community that gave you this gift. You know who you are.”

Marquess also names the U.S. Department of Defense in his note as an agency that could provide additional funding, calling an investment in OpenSSL a “no-brainer.”

MORE: How to check if your favorite website is vulnerable to Heartbleed

OpenSSL is a data encryption method employed by many websites that safeguard the data you type into your Web browser. OpenSSL contains a function known as a heartbeat option. While a person is visiting a website that encrypts data using OpenSSL, his or her computer periodically sends and receives messages to check whether both his PC and the server on the other end are both still connected, following a pattern similar to a heartbeat. The Heartbleed bug means hackers can send fake heartbeat messages, which can trick a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more. This web comic also explains how Heartbleed works.

According to Marquess, the OpenSSL Foundation only pulls in about $2,000 per year in donations, with the rest of its funding coming in via support contracts it honors, where part-time technicians assist clients with problems that are specific to them. Overall, the OpenSSL Foundation has never surpassed $1 million in annual funding. On top of that, then OpenSSL is understaffed, according to Marquess, with the entire team consisting of a single full-time staff member, and a handful of part-timers.

Computing

Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

A 20-year-old security flaw in the design of the Wi-Fi standard and how computers communicate using the transmission control protocol could allow hackers to perform a web cache poisoning attack to steal your data and login information.
Social Media

How to send money on Facebook

In case you weren't already aware, you can now use Facebook Messenger to send or request money, which will allow you to skirt the fees oft-associated with services like Venmo. Here's how to use it.
Social Media

Facebook is paying cash rewards if you find vulnerabilities in third-party apps

As part of efforts to put the Cambridge Analytica scandal and related issues behind it, Facebook said this week it's expanding its bug bounty program to include third-party apps and websites that could potentially misuse its data.
Social Media

How to run a free background check

There are plenty of legitimate reasons for carrying out a background check, and not all of them are creepy. Here are several methods that allow you to run a thorough background check on someone online, whether you need to vet a potential…
Computing

Newegg was cracked, customer data has leaked, and security is clearly scrambled

Online electronics retailer Newegg has found themselves at the heart of an online security breach as the company's payment system was breached, giving hackers of the notorious group, Magecart, potential access to confidential customer data…
News

Winamp media player might be back from the dead, with Windows 10 support

Winamp might be back from the dead, and it's bringing support for Microsoft Windows 10 with the first new software release since its acquisition by Radionomy in 2014. Fans of the media player will also enjoy new features and bug fixes.
Computing

Heavily overclocked RTX 2080 Ti steals every 3DMark record

Nvidia's RTX 2080 Ti is already the most powerful graphics card ever released, but with liquid nitrogen cooling overclocker Kingpin was able to push the card to new heights and break a bunch of records in the process.
Computing

Photoshop isn't required to resize images. Here are 6 ways to do it in seconds

Resizing an image isn't the toughest thing in the world, even if it may seem like a hassle. Here's how to resize an image using six tools that allow you to make quick work of any photo, regardless of your operating system.
Computing

Chromebook keyboard showcase may have leaked Pixelbook 2 images

As we approach Google's #madebygoogle event taking place in early October, new rumors and leaks for a possible Pixelbook 2 are appearing online. This latest one may show what the rumored Nocturne design will look like.
Virtual Reality

Walmart stocks its stores with VR training for its employees

Walmart will begin rolling out virtual reality training experiences to all of its stores this year with the power of Oculus Go. More than 6,300 stores will receive the new technology, helping the company train its employees.
Computing

Tap Strap wearable keyboard gains support for VR applications

TAP System's wearable keyboard gains support for virtual reality, now compatible with Windows Mixed Reality, Oculus Rift, and HTV headsets. Type and tap for up to eight hours in VR without needing to look at a physical keyboard.
Deals

Walmart takes $380 off the MacBook Air for a limited time

Walmart is offering a steep discount on the MacBook Air. Though the $380 discount is lovely, this offer comes with an extra charger to sweeten the deal. If you're looking to pick up an Apple MacBook for less, now is an excellent time.
Computing

PDF to JPG conversion is quick and easy using these simple methods

Converting file formats can be an absolute pain, but it doesn't have to be. We've put together a comprehensive guide on how to convert a PDF to JPG, no matter which operating system you're running.
Computing

Documentation shows data recovery possible for Macs with T2 coprocessor

New documentation from Apple shows that data recovery is indeed possible for Macs with T2 Coprocessor thanks to internal diagnostics software, giving users of the 2018 MacBook Pro new hope in the event of a system failure.