Skip to main content

Facebook, Microsoft, Google, and peers pledge support for OpenSSL

cupid the new heartbleed attack method that affects android devices bug
Image used with permission by copyright holder

The Linux Foundation has collaborated with major tech companies for a three-year initiative called the “Core Infrastructure Initiative,” which aims to prop up underfunded open-source projects. First on the list would be OpenSSL, which can be found in millions of Web servers and mobile devices. Though it’s been patched, in early April we learned that it had a flaw in it that’s been named the Heartbleed Bug

Facebook, Google, Microsoft, Amazon, Cisco, Dell, Fujitsu, IBM, Intel, NetApp, Rackspace, Qualcomm, and VMWa re each pledged $100,000 per year over the next three years. The total funding for the initiative would come to about $3.9 million. While it is unlikely that the whole amount will go to OpenSSL, its newfound funding represents a significant financial jump. 

As websites scurried to implement security patches for the Heartbleed Bug, Steve Marquess, the co-founder and president of the OpenSSL Software Foundation, called for more donations for his organization. According to Marquess, the OpenSSL Software Foundation only pulls in about $2,000 a year in donations and can only afford to hire one full-time employee and a handful of part-timers. The group supports itself through support contracts. However, Marquess said that they have never raised more than $1 million in annual funding.      

“There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work,” Marquess said in a blog post published on April 12. 

In his address, Marquess also called out his new benefactors, saying: “I’m looking at you, Fortune 1000 companies. The ones who include OpenSSL in your firewall/appliance/cloud/financial/security products that you sell for profit, and/or who use it to secure your internal infrastructure and communications. The ones who don’t have to fund an in-house team of programmers to wrangle crypto code, and who then nag us for free consulting services when you can’t figure out how to use it. The ones who have never lifted a finger to contribute to the open source community that gave you this gift. You know who you are.”    

It seems Marquess’ rant has struck a nerve. Top tech companies are finally opening their wallets. “Open source software is important to organizations like AWS, which deliver secure Internet experiences and services for customers,” said Steve Schmidt, the chief information security officer for Amazon Web Services, in a press release. “We are pleased to be part of the Core Infrastructure Initiative and to work with the Linux Foundation to foster continued innovation and security in key open source projects that can benefit us all.”

“Open source software makes today’s computing infrastructure possible. Facebook is excited to support these projects and the developers who maintain them. This initiative will help ensure that these core components of internet infrastructure get the assistance they need to respond to new threats and to reach new levels of scale,” said Doug Beaver, the engineering director of traffic & edge at Facebook. 

The OpenSSL security vulnerability, which plunged the Internet into a state of panic when it was first revealed on April 7, exposed the user information of about 66 percent of the world’s active websites. According to Sucuri Security, about two percent of the top 1 million websites on the Internet remain susceptible to the Heartbleed Bug. If you would like to donate to the Core Infrastructure Initiative, just click here.

Editors' Recommendations

Christian Brazil Bautista
Christian Brazil Bautista is an experienced journalist who has been writing about technology and music for the past decade…
Expired temporary license for Huawei in U.S. endangers Google, Android support
huawei harmonyos interview peter gauden building full

The temporary license granted by the Trump administration to allow trade between certain U.S. companies and Huawei has expired, placing the Chinese company's Android-powered smartphones at risk.

The license, which expired on August 13, was meant to help telecommunications companies operating in the rural areas of the U.S. to replace Huawei equipment with devices from other suppliers. The expiration was confirmed by the Commerce Department in an email to The Washington Post.

Read more
Google dished out $6.5M in bug bounties in 2019 with one payout worth $201K
Person typing on a computer keyboard.

Google has revealed that it paid out a total of $6.5 million in 2019 to people who found critical flaws in its software.

The cash payments are part of Google’s bug bounty program, which, since its launch in 2010, has handed out a total of $21 million.

Read more
At least one Google Pixel 4a variant will reportedly support 5G

The 5G landscape is finally taking shape as network carriers begin its rollout in a handful of countries -- and Google may be gearing up to capitalize on that to sell its forthcoming affordable phone, the Pixel 4a. A new report suggests that at least one variant of Google’s upcoming Pixel 4a range of phones will support 5G networks.

The folks at XDA Developers have managed to unearth three code names inside Android’s publicly available repositories, two of which are most likely Pixel 4a references. Further evidence discovered alongside these findings reveals that a device code-named "Redfin" is being developed on Qualcomm’s latest midrange chipset, the Snapdragon 765. The 756 SoC is Qualcomm’s first affordable processor that comes integrated with a 5G modem.

Read more