No security without investment, and OpenSSL is finally getting some

"Google, Facebook, Microsoft, Amazon and Cisco are just a few of the companies that have vowed to do something about it. They’ve each committed to donating at least $100,000 (€72,500) a year for the next three years.

Dubbed the Core Infrastructure Initiative, the project was created by the Linux Foundation and it seeks to invest money into the critical software infrastructure that needs it.

“After the Heartbleed crisis we asked ourselves: How did this happen and what role can The Linux Foundation play to be sure it doesn’t happen again. We decided to do what we always do: work with the industry to raise money and fund developers directly so they can do what they do best, develop, while we give them the assistance the way we do Linus Torvalds,” said Amanda McPherson, marketing chief at the Linux Foundation.

Overall, there are some 13 companies that have joined thus far, and the organization has already amassed a $3.6 million (€2.6 million) commitment from the backers. More companies are certainly going to join in as time goes by, so more cash will be attracted too."
http://news.softpedia.com/news/Google-Facebook-Microsoft-Others-Join-Forces-to-Prevent-Another-Heartbleed-439161.shtml

There are three important questions.

The first is when it will start, because right now there are hundreds of hackers going over the source code of OpenSSL to find new bugs.

The second is how they are going to distribute and attribute the money, because it seems that there is still a lot of cleanup work to do on OpenSSL, which was such a mess before.

Thirdly, one should be sure that these sums will continue to come in every year, and not only when the CEOs of the companies understand its importance.
