One of the most powerful (and substantive) realizations to come out of the news about the ‘Heartbleed’ OpenSSL vulnerability was that open source projects need help and attention from the tech community that relies on their fruits.
I’ve written about this before – noting Apple’s reluctance to put some of its considerable cash hoard towards supporting open source projects it relies on (like the Apache Software Foundation), as have others.
[Read Security Ledger’s coverage of the Heartbleed vulnerability here.]
Now that idea appears to have taken root. On Thursday, the Linux Foundation announced the creation of the Core Infrastructure Initiative, a multi-million dollar project to fund open source projects that are in the critical path for core computing functions.
The CII group has some substantial backing. Google, Cisco, Microsoft, Facebook, Amazon, IBM, Intel, Samsung, Fujitsu and VMWare all signed on to the CII Steering Committee. (Surprising (or not): Apple was not one of the firms supporting the CII.)
The group was “inspired by the Heartbleed OpenSSL crisis,” The Linux Foundation said in a statement, and will use funds contributed by members to “identify and fund open source projects in need.” Investments will be administered by the Linux Foundation and directed by a steering group composed of backers of the project and “key open source developers and other industry stakeholders,” the Foundation said.
Among the activities that will be funded are fellowships for key developers to work full-time on an open source project, security audits of open source projects, computing and test infrastructure, as well as travel, face-to-face meeting coordination and other support.