Linux Foundation's CII Funds Efforts to Prevent the Next Heartbleed
In an effort to find the next Heartbleed before it happens, the Core Infrastructure Initiative is taking aim at securing OpenSSL, OpenSSH and NTP.
The Linux Foundation is making good on its promise to help prevent the next Heartbleed before it happens. On April 24, the Linux Foundation announced its Core Infrastructure Initiative (CII) to fund open-source projects, and it is now providing details on which projects it will initially help to secure.
The Heartbleed security flaw, disclosed April 7, is a vulnerability in the open-source OpenSSL cryptographic library that is widely used on servers and embedded devices around the world. One of the many potential reasons Heartbleed occurred in the first place is a lack of resources and funding, which is something that CII aims to correct.
Jim Zemlin, executive director of the Linux Foundation, told eWEEK that to date CII has raised $5.4 million in funding. The effort now includes the participation of Adobe, Bloomberg, Hewlett-Packard and Salesforce.com. Those vendors join VMware, Rackspace, NetApp, Microsoft, Intel, IBM, Google, Fujitsu, Facebook, Dell, Amazon and Cisco, which joined CII in April.
With the funding in hand, CII has now also put together an advisory board made up of well-known industry experts to help direct where the money should go. The advisory board includes Linux kernel developers Alan Cox and Ted Ts'o, Johns Hopkins University professor Matthew Green, Columbia University professor Eben Moglen and renowned cryptography expert Bruce Schneier.
"The advisory board members are volunteering their time to help inform CII," Zemlin said. "We're grateful for their generous support."