Big Tech Firms Offer Millions After ‘Heartbleed’

The world's biggest technology companies are donating millions of dollars to fund improvements in open source programs like OpenSSL, the software whose "Heartbleed" bug has sent the computer industry into turmoil.

Amazon.com Inc, Cisco Systems Inc, Facebook Inc, Google Inc, IBM, Intel Corp and Microsoft Corp are among a dozen companies that have agreed to be founding members of a group known as Core Infrastructure Initiative. Each will donate $300,000 to the venture, which is recruiting more backers among technology companies as well as the financial services sector.

Other early supporters are Dell, Fujitsu Ltd NetApp Inc, Rackspace Hosting Inc and VMware Inc .

The industry is stepping up after the group of developers who volunteer to maintain OpenSSL revealed that they received donations averaging about $2,000 a year to support the project, whose code is used to secure two-thirds of the world's websites and is incorporated into products from many of the world's most profitable technology companies.

"I think we get complacent as an industry when we see something as working well or working 'well enough.' We sort of see it as a 'maintenance job,'" said Chris DiBona, director of open source and engineering with Google. "We have to be a bit more vigilant."

The Heartbleed bug has likely cost businesses tens of millions of dollars in lost productivity as they have had to update systems with safe versions of OpenSSL, according to security experts. Also, it has already resulted in at least one major cyber attack: the theft of data from Canada's tax authority.

The non-profit Linux Foundation, which promotes development of the open source Linux operating system, organized the group, whose formation it announced on Thursday.

It will support development of OpenSSL as well as other pieces of open source software that make up critical parts of the world's technology infrastructure, but whose programmers do not necessarily have adequate funding to support their work, said Jim Zemlin, executive director of the Linux Foundation.

Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data center software and telecommunications equipment. It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace.

Open source software refers to programs developed by groups of developers spread across the globe, who seek community involvement to improve the code. Companies are typically free to incorporate such code in their products without paying any fees to volunteer developers who maintain the code.

Go here to read the rest:
Big Tech Firms Offer Millions After 'Heartbleed'