Heartbleed has sent the world’s tech companies into frenzy, especially since so much of the web relies on OpenSSL for security. To make sure something like this never happens again, the biggest names in tech are uniting forces.
Google, Facebook, Microsoft, Amazon and Cisco are just a few of the companies that have vowed to do something about it. They’ve each committed to donating at least $100,000 (€72,500) a year for the next three years.
Dubbed the Core Infrastructure Initiative, the project was created by the Linux Foundation and it seeks to invest money into the critical software infrastructure that needs it.
“After the Heartbleed crisis we asked ourselves: How did this happen and what role can The Linux Foundation play to be sure it doesn’t happen again. We decided to do what we always do: work with the industry to raise money and fund developers directly so they can do what they do best, develop, while we give them the assistance the way we do Linus Torvalds,” said Amanda McPherson, marketing chief at the Linux Foundation.
Overall, there are some 13 companies that have joined thus far, and the organization has already amassed a $3.6 million (€2.6 million) commitment from the backers. More companies are certainly going to join in as time goes by, so more cash will be attracted too.
It’s nice to see that the tech community is united in fighting security bugs that put the world and their own businesses in danger. This is exactly what the folks over at OpenSSL were hoping for when they called out to the world’s governments and tech giants to help support a stable team of developers to work on the project.
The Hearbleed bug was unveiled a couple of weeks ago, after staying hidden for more than two years, while affecting several versions of OpenSSL. Attacks using this vulnerability leave no traces behind, which makes it impossible to know whether or not hackers knew about it beforehand or not, whether data has been stolen and what specific data may have been exposed.
Companies such as Google, Facebook and Yahoo were all affected in some way or another, although they were quick to patch things up. Governmental sites from all over the world were also affected.
About two thirds of the world’s secure websites use OpenSSL, which means that the number of impacted sites is huge and that it’s quite likely that not all have been patched in the time that has passed since Heartbleed was made public.