OpenSSL Project receives funding from the new Core Infrastructure Initiative

03 Jun 2014

The OpenSSL Project has received funding from the new Core Infrastructure Initiative in a move that follows the Heartbleed exploit. The exploit exposed a flaw in OpenSSL, the cryptographic tool providing communication security and privacy over the internet, http://www.govinfosecurity.com reported.

The initiative had been designed to provide funding for the critical open-source projects of The Linux Foundation, a not-for-profit consortium dedicated to promoting the growth of Linux and collaborative software development.

The OpenSSL Project, an ongoing, collaborative volunteer effort working on cryptographic functionality, would receive enough funding under the new initiative to hire two full-time core developers.

The Open Crypto Audit Project, providing technical assistance to open source software projects, would also receive funding to conduct a security audit of the OpenSSL code base.

The level of funding was not revealed by the institute.

According to Jim Zemlin, executive director at The Linux Foundation, who spoke to Information Security Media Group, OpenSSL was one of the world's most widely used security libraries.

He added that it was their hope that the combination of a full audit of their code base by a third party, along with funding for core developers, would improve the quality of that code.

Matthew Green, a research professor of computer science at Johns Hopkins University and a co-founder of the Open Crypto Audit Project, said the security of the internet depended on a small number of open-source projects.

Meanwhile, The Inquirer reported that nothing made the competition-driven tech industry band together like security, as was seen last month with the Heartbleed bug affecting nearly everyone in the industry.

The attack prompted millions of customers to change their passwords and rethink the safety that the services provided to them. The Wall Street Journal reported that several of the biggest tech firms were doing what they could to prevent the next Heartbleed by helping to pay the salaries of full-time employees and funding an audit for the OpenSSL Project.

The OpenSSL Project's work involved managing the code for many of the most common online encryption tools. The Linux Foundation would be funding the initiative, but with money donated by Google, Amazon, Dell, Facebook, IBM and others.

Nokia, Huawei Technologies and Smartisan had also pledged a sum of $50,000 a year directly to OpenSSL.

The Inquirer quoted Steve Marquess, head of the OpenSSL Foundation, as saying it was not the way they would have chosen to get that recognition, but it had been the way it had worked out.