The Latest in IT Security

OpenSSL, OpenSSH, NTP Get Funding From Core Infrastructure Initiative

30
May
2014

The Linux Foundation’s Core Infrastructure Initiative (CII) announced on Thursday the open source software projects selected for the first round of funding.

The CII Steering Committee has decided that Network Time Protocol (NTP), OpenSSH and OpenSSL will be the first projects to receive support. The fact that OpenSSL is among the first projects to recieve funds is not surprising, as the impactful Heartbleed vulnerability in OpenSSL was a driving force in the creation of CII.

From CII, OpenSSL will receive funds for two, fulltime core developers, but the project is also accepting donations directly through the OpenSSL Foundation. Funding for a security audit of the OpenSSL code base will also go to the Open Crypto Audit Project (OCAP).

As far as NTP is concerned, the protocol has been increasingly abused by cybercriminals for distributed denial-of-service (DDoS) attacks. OpenSSH, the free version of the SSH protocol suite of network connectivity tools, has also been plagued by numerous vulnerabilities over the past years, and it’s important to ensure that a flaw as critical as Heartbleed will not emerge.

“All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today’s global information infrastructure,” noted Jim Zemlin, executive director at The Linux Foundation.

“CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds.”

In addition to the first projects to be funded, CII has also announced that Bloomberg, Adobe, Huawei, HP and salesforce.com have showed their support for the initiative. They join companies like Google, Intel, IBM, VMware, Facebook, Amazon, Cisco, Dell, Fujitsu, Microsoft, NetApp and Rackspace.

“Adobe believes thatopen developmentand open source software are fundamental building blocks for software development,” commented Dave McAllister, director of open source at Adobe.“The Core Infrastructure Initiative allows us to extend our support through a neutral forum that can prioritize underfunded yet critical projects. We’re excited to be a part of this work.”

The critical infrastructure projects funded by the CII will be selected by an advisory board whose members are Google’s Ted T’so, Linux kernel developer Alan Cox, Matt Green of Open Crypto Audit Project, Eben Moglen of Software Freedom Law Center; security and cryptography expert Bruce Schneier, Dan Meredith of the Radio Free Asia’s Open Technology Fund, and Eric Sears of the MacArthur Foundation.

Tweet

Previous Columns by Eduard Kovacs:OpenSSL, OpenSSH, NTP Get Funding From Core Infrastructure InitiativeAlleged Creator of BlackShades RAT Pleads Not GuiltyGoogle Launches Game to Teach XSS Bug Discovery SkillsSymantec Acquires NitroDesk to Expand Mobile Security OfferingsPinterest Launches Bug Bounty Program

sponsored links

Tags: NEWS INDUSTRY

Vulnerabilities

Comments are closed.

Categories

WEDNESDAY, SEPTEMBER 30, 2020
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments