TORONTO—In the aftermath of the Heartbleed vulnerability’s emergence in 2014, the Linux Foundation created the Core Infrastructure Initiative (CII) to help prevent that type of issue from recurring. Two years later, the Linux Foundation has tasked its newly minted CTO, Nicko van Someren, to help lead the effort and push it forward.
CII has multiple efforts under way already to help improve open-source security. Those efforts include directly funding developers to work on security, a badging program that promotes security practices and an audit of code to help identify vulnerable code bases that might need help. In a video interview with eWEEK at the LinuxCon conference here, Van Someren detailed why he joined the Linux Foundation and what he hopes to achieve.
Van Someren noted that at the CII he now has the ability to help influence security that affects the operation of the internet.
When it comes to OpenSSL, the software project behind the Heartbleed flaw, CII has already had a very positive impact, according to Van Someren. OpenSSL is an open-source cryptographic library that is widely used on the internet and on mobile devices. Van Someren said that, thanks to CII’s funding and support, the OpenSSL project has now been finding more bugs and fixing them faster.
“They have better processes in place as a result of the funding we’ve given them and that’s a real success,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.