The three technology giants, Google, Microsoft and Facebook, have joined hands to stop the Heartbleed! The Heartbleed bug was undetected for the last two years, and a sudden detection has raised eyebrows of researchers. If neglected, it can reveal sensitive information, which can adversely affect the privacy of many users. This bug was identified earlier this April and after its identification, all the major organizations have rectified this flaw in the form of an online encryption.
There is one question that is still haunting the researchers as to how can this bug be fixed forever so that it does not arise again. The bug which was identified, involved a piece of software named OpenSSL and as the name suggests, it is from an open source. It was used by numerous websites in order to secure various user data like credit card information, passwords and user-ids. One of the biggest problems associated with OpenSSL is that this software is run by a team that consists of only four developers. Among these developers, only one person is available on a full time basis.
This means, that the developers have a very limited time to do the necessary testing and auditing that is required to make the project’s codes perfect. In fact, this problem is not limited to this open source software or OpenSSL. There are many open source projects that enjoy large amount of funding and contributions by corporate giants which include Linux, Firefox Web Browser, and the Apache Web Server. There are even smaller and critical open source softwares that receive much less attention and money.
The Linux Foundation announced on Thursday that it would take a shot at solving and fixing this major problem. A novice organization called the Core Infrastructure Initiative has been launched and is backed by Google, Facebook and the many such organizations. This non-profit group will fund some of the most important projects over the internet and let the developers work on them on a full time basis. It would also chip in for better security audits, travel expenses, test infrastructure and all other types of support. This is indeed a big step taken by Google, Microsoft and Facebook to prevent the Heartbleed.
According to Amanda McPherson, the Linux Foundation has already started working with the industry to raise fund. This fund would be required to take the project on-board by funding the developers, so that they start working at what they are considered the best.
All the major players of the technological world such as Google, Amazon, Facebook, Cisco, Dell, and Microsoft are backers of this initiative to prevent Heartbleed. Other backers include Fujitsu, Intel, IBM and Rackspace. These backers have already committed a sum of $3.6 million and it is expected that this sum will grow in near future as more and more companies will join this initiative. The first project that the organization will undertake is the OpenSSL and other projects will soon follow if everything goes to plan. Moreover, The Linux Foundation is perfect for projects similar to OpenSSL. Also, there are over 100 corporate members in that non-profit consortium, like IBM and HP.
By Sunando Basu