Heartbleed prompts joint vendor effort to boost OpenSSL, security
25 April 2014
Reeling from the Heartbleed security fiasco, major IT vendors, including Microsoft, IBM, Intel, Google and Cisco, are backing a Linux Foundation initiative designed to boost open source projects considered critical to the industry.
Under the Core Infrastructure Initiative, these and other tech vendors such as Fujitsu, Facebook, NetApp, Rackspace and VMware will support open source projects with funding and expertise.
Unsurprisingly, the first such project on the list for consideration is OpenSSL, the cryptographic library used by millions of websites to encrypt their communications via Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Its Heartbleed vulnerability sent the entire IT industry into emergency mode earlier this month.
On 7 April, it was revealed that a severe flaw that had existed since December 2011 in several versions of OpenSSL had been patched, sending thousands of companies scrambling in turn to patch their websites.
If exploited, the flaw could allow an attacker to steal critical data, such as account and password information, from affected systems.
Open source software projects, such as OpenSSL, are developed by communities of volunteer coders, and often only have a handful of full-time staffers working on them. This was the case with OpenSSL.
OpenSSL could receive funding “for key developers” and other resources to improve its security, according to The Linux Foundation, which is organising the multi-million-dollar initiative.
“We are expanding the work we already do for the Linux kernel to other projects that may need support,” said Jim Zemlin, executive director of The Linux Foundation, in a statement. “Our global economy is built on top of many open source projects.”
Juan Carlos Perez, IDG News Service