Communications of the ACM
To Avert Another Heartbleed, Open Source Group Narrows List of Projects in Need of Support
The Core Infrastructure Initiative was formed last year in the wake of the Heartbleed bug to identify critical open source projects and provide them with extra funding to help ensure the security of their code.
Credit: Huffington Post
The Core Infrastructure Initiative (CII), overseen by the Linux foundation, was formed last year in the wake of the Heartbleed bug to identify and provide extra funding to critical open source projects that need help ensuring the security of their code.
The group already has allocated funds to several open source projects, including Secure Shell, Network Time Protocol, and GNU Privacy Guard (GnuPG). The last project was recently profiled by ProPublica as a struggling, yet critical open source project. GnuPG developer Werner Koch has since received several thousand dollars, including a $60,000-grant from CII, to help him devote more time and resources to securing the code.
Linux Foundation executive director Jim Zemlin says CII is now working to narrow down the list of what open source projects will be the beneficiaries of its next round of grants. He says the group plans to donate $2 million a year over the next three years and it needs to be careful to funnel that money to where it will be most effective.
However, Zemlin says it is a reasonable price to pay to head off potentially dangerous vulnerabilities.
From IDG News Service
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found