Skip to main content

Facebook, Microsoft, Google, and peers pledge support for OpenSSL

cupid the new heartbleed attack method that affects android devices bug

The Linux Foundation has collaborated with major tech companies for a three-year initiative called the “Core Infrastructure Initiative,” which aims to prop up underfunded open-source projects. First on the list would be OpenSSL, which can be found in millions of Web servers and mobile devices. Though it’s been patched, in early April we learned that it had a flaw in it that’s been named the Heartbleed Bug

Facebook, Google, Microsoft, Amazon, Cisco, Dell, Fujitsu, IBM, Intel, NetApp, Rackspace, Qualcomm, and VMWa re each pledged $100,000 per year over the next three years. The total funding for the initiative would come to about $3.9 million. While it is unlikely that the whole amount will go to OpenSSL, its newfound funding represents a significant financial jump. 

Related Videos

As websites scurried to implement security patches for the Heartbleed Bug, Steve Marquess, the co-founder and president of the OpenSSL Software Foundation, called for more donations for his organization. According to Marquess, the OpenSSL Software Foundation only pulls in about $2,000 a year in donations and can only afford to hire one full-time employee and a handful of part-timers. The group supports itself through support contracts. However, Marquess said that they have never raised more than $1 million in annual funding.      

“There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work,” Marquess said in a blog post published on April 12. 

In his address, Marquess also called out his new benefactors, saying: “I’m looking at you, Fortune 1000 companies. The ones who include OpenSSL in your firewall/appliance/cloud/financial/security products that you sell for profit, and/or who use it to secure your internal infrastructure and communications. The ones who don’t have to fund an in-house team of programmers to wrangle crypto code, and who then nag us for free consulting services when you can’t figure out how to use it. The ones who have never lifted a finger to contribute to the open source community that gave you this gift. You know who you are.”    

It seems Marquess’ rant has struck a nerve. Top tech companies are finally opening their wallets. “Open source software is important to organizations like AWS, which deliver secure Internet experiences and services for customers,” said Steve Schmidt, the chief information security officer for Amazon Web Services, in a press release. “We are pleased to be part of the Core Infrastructure Initiative and to work with the Linux Foundation to foster continued innovation and security in key open source projects that can benefit us all.”

“Open source software makes today’s computing infrastructure possible. Facebook is excited to support these projects and the developers who maintain them. This initiative will help ensure that these core components of internet infrastructure get the assistance they need to respond to new threats and to reach new levels of scale,” said Doug Beaver, the engineering director of traffic & edge at Facebook. 

The OpenSSL security vulnerability, which plunged the Internet into a state of panic when it was first revealed on April 7, exposed the user information of about 66 percent of the world’s active websites. According to Sucuri Security, about two percent of the top 1 million websites on the Internet remain susceptible to the Heartbleed Bug. If you would like to donate to the Core Infrastructure Initiative, just click here.

Editors' Recommendations

How to cancel Spotify Premium on your desktop or iOS device
The app screen on Spotify that says Cancel Premium.

Spotify is the world's most popular music and podcast streaming service for a reason. It has a catalog of over 100 million songs, the interface is fun and easy to use, and it's full of features that allow for music discovery, great playlist creation, and sharing. And while its main Achilles heel is that it doesn't offer higher resolution audio like many of its competitors such as Apple Music, Tidal, and Amazon Music, it's Premium tiers are reasonably priced at between $10 and $16 per month. So why would anyone want to cancel Spotify?

Read more
I love the Galaxy S23 — here are 5 things the iPhone still does better
Samsung Galaxy S23 Ultra and Apple iPhone 14 Pro

Samsung’s Galaxy S23 has arrived to the masses, and it’s one of the best Android phones you can get right now, especially the S23 Ultra. However, for those who don’t need all of the fancy bells and whistles, like the S Pen and 200MP main camera, the regular S23 is also plenty powerful for the average person, especially if you prefer smaller devices.

I’ve been using the Galaxy S23 for the past few weeks, and so far, my experience has been delightful. I know that it’s still early on in the year, but for me, the S23’s small size is perfect and comfortable. Android also does a lot of things better than iOS, like individual volume controls and notifications, for example. But I am still primarily using my iPhone 14 Pro — despite Apple having some big flaws, such as overprocessing images after you capture them.

Read more
How to drop a pin in Google Maps
google maps

Pins are a convenient Google Maps feature that allows you to save a location. You can drop a pin to save an address or mark a location if it doesn’t have an address or if the address is incorrect. Your pins will help you navigate to these locations again, and you can also share them with your friends to indicate a meetup location.

Read more