The Linux Foundation has started a very interesting project called the Core Infrastructure Initiative that will ensure that projects like OpenSSL will no longer remain unfunded. Now, the first full-time developers have been assigned to the OpenSSL project, a sign that things are going back to normal.
A couple of months ago, it was discovered that OpenSSL had a number of vulnerabilities that turned out to be more serious than anyone would have guessed. After the issues were fixed, people and companies from all over the world realized that the OpenSSL was probably the most unfunded project that was being used all over the Internet.
The Linux Foundation started the Core Infrastructure Initiative (CII), which is a gathering of companies from all over the world that understood a simple fact. You can put your entire business and profits on the line and hope that some developers working in their free time will ensure that everything works.
Projects like OpenSSL and OpenSSH need to be funded, especially because they are an intricate part of the Internet ecosystems, and, if something were to go wrong, everyone would have to suffer, indiscriminately.
“Upon an initial review of critical open source software projects, the CII Steering Committee has prioritized Network Time Protocol, OpenSSH and OpenSSL for the first round of funding. OpenSSL will receive funds from CII for two, fulltime core developers. The OpenSSL project is accepting additional donations, which can be coordinated directly with the OpenSSL Foundation.”
“The Open Crypto Audit Project (OCAP) will also receive funding in order to conduct a security audit of the OpenSSL code base. Other projects are under consideration and will be funded as assessments are completed and budget allows,” reads the announcement from The Linux Foundation.
This is just the start for the Core Infrastructure Initiative (CII), which is comprised of companies such as Google, Amazon, Adobe, HP, Intel, Dell, Facebook, Microsoft, IBM, Cisco, and quite a few others.
Other projects will follow soon and the decision regarding the funding of those pieces of software will be made by the CII Steering Committee, which is under the umbrella of The Linux Foundation.
The development of such important projects can no longer be left to chance and it's likely that more and more companies will join this initiative.
The Linux Foundation already provides the funding needed for the Linux Kernel, which is the biggest open source project in existence, so they know what they are doing.