I think we are on the verge of a new era of partnership with government - Steve 'Understatement' Ballmer
THE LINUX FOUNDATION announced on Thursday that the Core Infrastructure Initiative (CII), the industry body set up in the wake of the OpenSSL Heartbleed bug, has announced its first round of initiatives.
The CII will fund two full-time developers to work on the OpenSSL project and an audit about OpenSSL by the Open Crypto Audit Project (OCAP).
Jim Zemlin, executive director at The Linux Foundation said, "All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today's global information infrastructure."
The news comes in a week when another open source cryptography software product, Truecrypt, announced that it had unresolved security vulnerabilities that made it unreliable as an encryption tool, despite being given the all clear by OCAP just a month previously.
The CII funding represents industry acceptance of the OpenSSL project, with funding and support coming from almost every corner of the industry, including Google, IBM, Microsoft and HP, with the CII management housed at the Linux Foundation.
An additional fork of the project, known as LibreSSL, is maintained by the curators of OpenBSD, the open source Unix operating system. LibreSSL hopes to reintegrate with and supersede OpenSSL in the future, but has been hampered by the CII decision to concentrate funding on OpenSSL
The CII has also committed funding for maintaining two other protocols - the Network Time Protocol (NTP), which despite being one of the oldest protocols in the internet still has the potential to be exploited, and OpenSSH, the world's most prevalent secure shell protocol used to encrypt direct traffic between computers.
The Heartbleed bug demonstrated to the world that being apathetic about the nuts and bolts of internet security can have dire consequences, and these initiatives by the CII, it is hoped, will avoid future problems.
Earlier this year, Mozilla offered a $10,000 bounty for anyone able to create "rock solid" protection against the Heartbleed bug. µ