Linux Foundation Aims to Prevent Next Heartbleed, Recruits Tech Giants
The Linux Foundation has brought together many of the world's leading IT vendors in a new effort to fund core infrastructure projects and help prevent another Heartbleed.
Participants in the Core Infrastructure Initiative, led by the Linux Foundation, include VMware, Rackspace, NetApp, Microsoft, Intel, IBM, Google, Fujitsu, Facebook, Dell, Amazon and Cisco. Those industry heavyweights have committed to contributing funds to help developers who are building core infrastructure projects like OpenSSL.
"Sometimes it takes a crisis to do the right thing," Jim Zemlin, executive director of the Linux Foundation, told eWEEK. "There is nothing broken in the open-source model, but we wanted to see what lessons could be learned from Heartbleed and how we could make something good come out of it."
The Heartbleed security flaw, disclosed April 7, is a vulnerability in the open-source OpenSSL cryptographic library that is widely used on servers and embedded devices around the world. In light of the flaw's impact, some have questioned the cost of the open-source model itself. The OpenSSL community is not well-funded, and the OpenSSL Software Foundation has publicly requested donations.
Discussions on how to help projects like OpenSSL with their needs ramped up last week, Zemlin said, adding that he was looking for a way to go beyond what the Linux Foundation was already doing.
"We want to double down on open source since a little help goes a long way," Zemlin said. "We have now raised a considerable amount of resources."
Zemlin explained that the Core Infrastructure Initiative at the Linux Foundation asked for a $100,000-a-year, three-year commitment from each participating company. In total, more than $3 million has been raised so far.
"Every company I called, when I told them about what we were doing, they all got it and just wanted to help," Zemlin said.
Each contributing vendor in the Core Infrastructure Initiative will have a seat on the steering committee for the group, which will also have an advisory board. The basic idea is to have an organizational structure to help identify the projects and the developers that will receive funding. The foundation has used a similar model for years to fund core Linux developers, most notably Linux creator Linus Torvalds.
The Core Infrastructure Initiative will not look to impose direction on developers or open-source projects, but rather will seek to work with open-source communities like OpenSSL, Zemlin said. "It is super-important that we respect the community," he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.