Core Infrastructure Initiative Provides Funding to Improve OpenSSL Security

The Core Infrastructure Initiative (CII), a project started by The Linux Foundation to fund open source projects, announced on Thursday several milestones, including the first projects to receive funding.

The CII launched in April in response to the widespread effects of the OpenSSL vulnerability known as Heartbleed.

The initiative has prioritized Network Time Protocol, OpenSSH and OpenSSL for the first round of funding. The projects were selected by the CII Steering Committee, which comprises members of the initiative and the advisory board of industry stakeholders and developers. This committee is responsible for identifying the underfunded open source projects that support critical infrastructure, and administering the funds through The Linux Foundation.

The CII claims that by raising funds through a neutral party like The Linux Foundation, it can give projects support while ensuring open source projects remain independent and community-driven.

According to the announcement, OpenSSL will receive funds from CII for two full-time core developers. The project continues to accept additional donations through the OpenSSL Foundation. In past years, OpenSSL had only received around $2,000 per year in funding through donations.

The Open Crypto Audit Project will also receive funding to conduct a security audit of the OpenSSL code base.

“All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today’s global information infrastructure,” Jim Zemlin, executive director at The Linux Foundation, said. “CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds.”

The CII Advisory Board helps to determine which open source projects are in need of funding. Members include Alan Cox, longtime Linux kernel developer; Matthew Green, Research Professor of Computer Science at the Johns Hopkins University and co-founder of the Open Crypto Project; and Dan Meredith, director at Radio Free Asia’s Open Technology Fund. In total there are seven members on the advisory board.

“Whether we acknowledge it or not, the security of today’s Internet depends on a small number of open source projects. This initiative puts the resources in place to ensure the long-term viability of those projects. It makes us all more secure,” said Green.