Nobody would have imagined that a very small bug in OpenSSL, now famously known as Heartbleed, could bring the entire internet industry to its knees. Everything eventually settled down without any major incident reported, but steps need to be taken so that these types of bugs can be avoided in the future. You might find it surprising that the OpenSSL project has only 1 full-time developer (hats off to this guy) who is responsible for the development and maintenance of the OpenSSL libraries, as mentioned by OpenSSL Software Foundation president Steve Marquess in a blog post.
Isn't it shocking? Yes, it is. It is one of the harsh truths of open source communities, as most open source projects operate on a shoestring budget.
Steve has also written that they receive approximately $2000 every year in donations, which is definitely very little to run an open source project like OpenSSL that is used so widely by a number of organizations. Lack of funding always impacts a project: e.g. a developer can't pay full attention to one project because they have to work on other projects as well for its survival, and project owners can't commission enough security audits for their project because these audits are very costly.
Finally, The Linux Foundation stepped in and brought together all the tech giants like Google, Facebook, Microsoft, Oracle, IBM, Cisco etc. to fund all the critical open source projects. A new committee, the "Core Infrastructure Initiative (CII)", has been formed under the administration of The Linux Foundation. Its main job is to work together with all the leading tech companies to find the mission-critical open source projects that are most crucial to internet security and to fund them adequately.
Funding of this kind will definitely support the backbone of these projects, by hiring more developers or by providing more resources to the project, such as good security audits, outside reviews etc.
This is a welcome step by The Linux Foundation and the tech giants to support crucial open source projects like OpenSSL.
More on Heartbleed can be read here – Heartbleed – What went wrong.