
Communications of the ACM

ACM TechNews

To Avert Another Heartbleed, Open Source Group Narrows List of Projects in Need of Support


Logo of the Heartbleed bug.

The Core Infrastructure Initiative was formed last year in the wake of the Heartbleed bug to identify critical open source projects and provide them with extra funding to help ensure the security of their code.

Credit: Huffington Post

The Core Infrastructure Initiative (CII), overseen by the Linux Foundation, was formed last year in the wake of the Heartbleed bug to identify critical open source projects that need help ensuring the security of their code and to provide them with extra funding.

The group has already allocated funds to several open source projects, including Secure Shell, Network Time Protocol, and GNU Privacy Guard (GnuPG). The last project was recently profiled by ProPublica as a struggling yet critical open source project. GnuPG developer Werner Koch has since received several thousand dollars, including a $60,000 grant from CII, to help him devote more time and resources to securing the code.

Linux Foundation executive director Jim Zemlin says CII is now working to narrow down the list of open source projects that will benefit from its next round of grants. He says the group plans to donate $2 million a year over the next three years, and it needs to be careful to funnel that money to where it will be most effective.

However, Zemlin says it is a reasonable price to pay to head off potentially dangerous vulnerabilities.

From IDG News Service

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 
