More than a dozen of the biggest companies on the web, including Amazon, Google, Facebook and Microsoft, have formed an alliance to prevent another Heartbleed, the vulnerability in OpenSSL that threatens the security of the web. It may be one of the most widespread threats in the history of the Internet, as OpenSSL is used by more than 60% of the servers on the web.
The problem in the open source project was introduced about two years ago and originated from some errant code that was added during an upgrade. The bug allowed encryption keys to be disclosed without anyone knowing. Those keys are what is needed to decode information that is transferred between clients and servers.
The program, formed by some of the web's biggest giants such as Facebook and Google, has been termed the Core Infrastructure Initiative. It is seen as an extension of the Linux Foundation, a non-profit organization chartered to foster the growth of Linux and dedicated to promoting its development. According to the website, members of the Core Infrastructure Initiative also include IBM, Dell, Fujitsu, Cisco and several others.
The heavyweights such as Facebook, Google and others that have united to prevent another Heartbleed have committed to providing funds that total millions of dollars to strapped projects such as the Open Source Foundation. The tech giants have committed to providing $100,000 annually over the next three years, and more high-profile member corporations are expected to join the initiative in the coming months. The group is also expected to include open-source developers and other stakeholders. The funds will be managed by the Linux Foundation, and an advisory or steering committee will be established to set priorities.
The first project that has been established is to provide support to the severely underfunded OpenSSL, which has been the source of the Heartbleed vulnerability. In the last 12 months, the project was able to raise only $2000, and much of the work was done by volunteers.
It appears that the Heartbleed fiasco has turned out to be a valuable teaching experience, as the bigger corporations now appear to be willing to give back to projects, such as OpenSSL. It can be hoped that new ideas to foster cooperation can continue to help make the web much safer.
Jim Zemlin, executive director of the Linux Foundation, sees more companies joining the foundation, which was formed in 2000 to support the work done by Linux creator Linus Torvalds. There is no shortage of projects facing the foundation, as there are many other open source projects, such as the Border Gateway Protocol project, which concerns a vulnerability in the routing system that can allow hackers to eavesdrop on digital conversations.
As the Internet giants, such as Facebook and Google, form the alliance to prevent another security breach such as Heartbleed, it is entirely possible that the same or similar initiatives can be developed to help fight against hackers and cyber criminals, who seem to be winning the battle. The problem appears to be not only funding; the resources and skills needed may also be in short supply. With similar efforts, however, some solutions can be made possible.
By Dale Davidson