Core Infrastructure Initiative Logo

Heartbleed Prompts Fiscal Lifeline For Open Source

One of the most powerful (and substantive) realizations to come out of the news about the ‘Heartbleed’ OpenSSL vulnerability was that open source projects need help and attention from the tech community that relies on their fruits.

Core Infrastructure Initiative Logo
The Core Infrastructure Initiative will direct private funds to the maintenance of critical, open source projects.

I’ve written about this before – noting Apple’s reluctance to put some of its considerable cash hoard towards supporting open source projects it relies on (like the Apache Software Foundation), as have others.

[Read Security Ledger’s coverage of the Heartbleed vulnerability here.]  

Now that idea appears to have taken root. On Thursday, the Linux Foundation announced the creation of the Core Infrastructure Initiative, a multi-million dollar project to fund open source projects that are in the critical path for core computing functions.

The CII group has some substantial backing. Google, Cisco, Microsoft, Facebook, Amazon, IBM, Intel, Samsung, Fujitsu and VMWare all signed on to the CII Steering Committee. (Surprising (or not): Apple was not one of the firms supporting the CII.)

The group was “inspired by the Heartbleed OpenSSL crisis,” The Linux Foundation said in a statement, and will use funds contributed by members to “identify and fund open source projects in need.” Investments will be administered by the Linux Foundation and directed by a steering group composed of backers of the project and “key open source developers and other industry stakeholders,” the Foundation said.

Among the activities that will be funded are fellowships for key developers to work full-time on an open source project, security audits of open source projects, computing and test infrastructure, as well as travel, face-to-face meeting coordination and other support.

One Comment

  1. These are some HUGE names and, I would imagine, a ton of money backing this project. But money usually means red tape and politics. Could a coalition like this really work and make significant changes? Or is it just going to muddy the waters even more?