Heartbleed hit – OpenSSL gets support

Nobody would have imagined that a very small bug in OpenSSL, now famously known as Heartbleed, could bring the entire internet industry to its knees. Everything eventually settled down without any major incident being reported, but steps need to be taken so that bugs of this type can be avoided in the future. You might find it surprising that the OpenSSL project has only 1 full-time developer (hats off to this guy) responsible for the development and maintenance of the OpenSSL libraries, as mentioned by OpenSSL Software Foundation president Steve Marquess in a blog post.

Isn’t it shocking? Yes, it is. It is one of the harsh truths of open source communities, as most open source projects operate on a shoestring budget.

Steve has also written that they receive approximately $2000 every year in donations, which is definitely far too little to run an open source project like OpenSSL that is used so widely by so many organizations. Lack of funding always has an impact on a project: for example, developers can’t give their full attention to one project because they also have to work on other projects for survival, and project owners can’t commission enough security audits for their project because these audits are very costly.

Finally, The Linux Foundation stepped in and brought together tech giants like Google, Facebook, Microsoft, Oracle, IBM, Cisco etc. to fund critical open source projects. A new committee, the “Core Infrastructure Initiative (CII)”, has been formed under the administration of The Linux Foundation. Its main job is to work together with all the leading tech companies to find the mission-critical open source projects that are most crucial to internet security and fund them adequately.

This type of funding will definitely strengthen the backbone of these projects, by hiring more developers or by providing more resources such as good security audits, outside reviews etc.

A welcome step by The Linux Foundation and the tech giants to support crucial open source projects like OpenSSL.

More on Heartbleed can be read here – Heartbleed – What went wrong.

Image Source : Heartbleed.com and linuxfoundation.org


 


Saurabh Jain

A developer working on enterprise applications, distributed systems, Hadoop and Big Data. This blog is about my experience working mostly on Java technologies, NoSQL, git, maven and the Hadoop ecosystem.