It was about time the big corporations stepped up and started financing open source

Apr 25, 2014 11:47 GMT
Security experts discuss the investments made by tech companies into Open Source

Yesterday, it was announced that the world’s biggest tech firms had joined forces in support of open source, and that’s particularly good news, according to experts in the field.

As mentioned, the Core Infrastructure Initiative is a project created by the Linux Foundation that seeks to financially support the critical software infrastructure when it is needed.

“After the Heartbleed crisis we asked ourselves: How did this happen and what role can The Linux Foundation play to be sure it doesn’t happen again. We decided to do what we always do: work with the industry to raise money and fund developers directly so they can do what they do best, develop, while we give them the assistance the way we do Linus Torvalds,” said Amanda McPherson, marketing chief at the Linux Foundation.

Thirteen companies have joined thus far, including Google, Facebook and Microsoft, and some $3.6 million (€2.6 million) has been committed by backers so far.

“This is a great step in the right direction and a major nod to the importance of open source by some of the biggest vendors in the world. The amount of money is without a doubt the secondary story here as it will have a small impact in the near term. It would be great to see even a greater embrace and investment in these types of initiatives by the big players,” said Mike Ellis, CEO and co-founder of ForgeRock, a company that offers open source feedback for all products.

Even so, Ellis recommends that more businesses look at commercial open source options and invest in startups in this area.

“Unlike an open source initiative, commercial open source vendors are dedicated to providing production-ready and tested open source offerings. These go way beyond what typical open source projects do and they invest a great deal of money in building stable, next-generation platforms. These not only lead to better security, but provide potential commercial alternatives to proprietary vendors,” he believes.

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, said that trust in the digital world had been shattered, while the mechanisms intended to protect the Internet continue to be vulnerable.

Bocek sees the consortium as a start in the right direction, but more needs to be done. Citing security experts such as Bruce Schneier, he believes that the trust in data centers, apps and cloud services needs to be rebooted after Heartbleed.

Marc Gaffan, co-founder of security firm Incapsula, also supports the initiative. “We have said that OpenSSL, an important tool for millions of large organizations, needs more oversight and support. We’re happy to see the Linux Foundation step up to support OpenSSL and we look forward to the opportunity to participate in the program.”