April 24, 2014 11:10 am

Tech giants join forces to help prevent another Heartbleed flaw

An encryption flaw now known as the Heartbleed bug has made a major impact on online security. The flaw has affected many online services and websites that Canadians access every day.

Graphic/Global News

TORONTO – Over a dozen tech giants, including Google, Microsoft and Facebook, have joined forces to help prevent another cybersecurity flaw like Heartbleed.

The program, called the Core Infrastructure Initiative, will help fund open source projects that are “in the critical path for core computing functions,” according to a description on the group’s website.

Story continues below

Amazon, Cisco, Dell, IBM, Intel and numerous other tech companies have joined the group in light of the recently discovered Heartbleed bug, which created chaos for websites and online services earlier this month.

READ MORE: What’s affected by the Heartbleed bug and what passwords you need to change

Heartbleed, which some experts have dubbed the biggest security vulnerability in the history of the Internet, was a flaw found in a line of code in OpenSSL – a widely used open-source set of libraries for encrypting online services.

The security flaw created an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and “https:” on Web browsers to show that traffic is secure. The flaw would have made it possible to snoop on Internet traffic even if the padlock was closed.

What made Heartbleed more frightening was the fact that hackers could have grabbed the keys for deciphering the encrypted data and leave no trace of ever being there.

READ MORE: Heartbleed may lead to more security audits, advanced security services

Each of the 13 tech companies forming the Core Infrastructure Initiative committed to donating $100,000 per year for the next three years.

The website notes that the 13 companies are “early supporters” of the initiative, which means more could contribute.

The project will first focus on OpenSSL which is known to be severely underfunded and, as a result, has only a small number of developers working on it. According to the Core Infrastructure Initiative, the OpenSSL project has only received about US$2,000 per year in donations over the past few years.

 

© Shaw Media, 2014

Report an error

Comments