Tech giants join forces to help prevent another Heartbleed flaw
TORONTO – Over a dozen tech giants, including Google, Microsoft and Facebook, have joined forces to help prevent another cybersecurity flaw like Heartbleed.
The program, called the Core Infrastructure Initiative, will help fund open source projects that are “in the critical path for core computing functions,” according to a description on the group’s website.
Amazon, Cisco, Dell, IBM, Intel and numerous other tech companies have joined the group in light of the recently discovered Heartbleed bug, which created chaos for websites and online services earlier this month.
Heartbleed, which some experts have dubbed the biggest security vulnerability in the history of the Internet, was a flaw found in a line of code in OpenSSL – a widely used open-source set of libraries for encrypting online services.
The security flaw created an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and “https:” on Web browsers to show that traffic is secure. The flaw would have made it possible to snoop on Internet traffic even if the padlock was closed.
What made Heartbleed more frightening was the fact that hackers could have grabbed the keys for deciphering the encrypted data and leave no trace of ever being there.
Each of the 13 tech companies forming the Core Infrastructure Initiative committed to donating $100,000 per year for the next three years.
The website notes that the 13 companies are “early supporters” of the initiative, which means more could contribute.
The project will first focus on OpenSSL which is known to be severely underfunded and, as a result, has only a small number of developers working on it. According to the Core Infrastructure Initiative, the OpenSSL project has only received about US$2,000 per year in donations over the past few years.
© Shaw Media, 2014