If the Heartbleed scare taught us anything, it’s that everyone is vulnerable, and there are more cracks out there waiting to be discovered. Facebook, Google, and the Internet’s other Goliaths aren’t immune to something as seemingly benign as a sloppy string of code.
Part of that is an infrastructure problem. Historically speaking, devoting resources to information security has just not been a priority for companies, especially startups. As of today, however, the web’s big names appear to be getting proactive about making the web more secure, with the unveiling of the Core Infrastructure Initiative.
Led by the Linux Foundation, the initiative’s goal is to fund “open source projects that are in the critical path for core computing functions.”
Who’s on board? Amazon, Facebook, Microsoft, Google, Cisco, Rackspace, and more are among the initial supporters. Each company will provide $100,000 a year for a minimum of three years. The money will be used to fund the improvement of open source software such as the encryption tool OpenSSL, which contained the Heartbleed vulnerability. The thinking goes that if you have more paid eyeballs on open source projects, you can plug the next vulnerability before it’s too late.
In the case of OpenSSL, which inspired the initiative, “no one was looking at the code,” said Jim Zemlin, executive director of the Linux Foundation. “Can we together take a broader view and maybe lower the risk that the next Heartbleed will happen? I do think that is the case, with a modicum of resources.”