Linux Foundation Aims to Prevent Next Heartbleed, Recruits Tech Giants
IBM, Intel, Cisco, Dell, Facebook, Microsoft and others join the Linux Foundation's Core Infrastructure Initiative to prevent future crises like Heartbleed.The Linux Foundation has assembled many of the world's leading IT vendors together in a new effort to fund core infrastructure projects and help prevent another Heartbleed from ever happening again. Participants in the Core Infrastructure Initiative, led by the Linux Foundation, include VMware, Rackspace, NetApp, Microsoft, Intel, IBM, Google, Fujitsu, Facebook, Dell, Amazon and Cisco. Those industry heavyweights have committed to contributing funds to help developers who are building core infrastructure projects like OpenSSL. "Sometimes it takes a crisis to do the right thing," Jim Zemlin, executive director of the Linux Foundation, told eWEEK. "There is nothing broken in the open-source model, but we wanted to see what lessons could be learned from Heartbleed and how we could make something good come out of it." The Heartbleed security flaw, disclosed April 7, is a vulnerability in the open-source OpenSSL cryptographic library that is widely used on servers and embedded devices around the world. In light of the flaw's impact, some have questioned the cost of the open-source model itself. The OpenSSL community itself is not well-funded, and the OpenSSL Software Foundation has publicly requested donations.
Discussions on how to help projects like OpenSSL with their needs ramped up last week, Zemlin said, adding that he was looking for a way to go beyond what the Linux Foundation was already doing.