Security Experts:

OpenSSL, OpenSSH, NTP Get Funding From Core Infrastructure Initiative

The Linux Foundation’s Core Infrastructure Initiative (CII) announced on Thursday the open source software projects selected for the first round of funding.

The CII Steering Committee has decided that Network Time Protocol (NTP), OpenSSH and OpenSSL will be the first projects to receive support. The fact that OpenSSL is among the first projects to recieve funds is not surprising, as the impactful Heartbleed vulnerability in OpenSSL was a driving force in the creation of CII.

Core Infrastructure Initiative

From CII, OpenSSL will receive funds for two, fulltime core developers, but the project is also accepting donations directly through the OpenSSL Foundation. Funding for a security audit of the OpenSSL code base will also go to the Open Crypto Audit Project (OCAP).

As far as NTP is concerned, the protocol has been increasingly abused by cybercriminals for distributed denial-of-service (DDoS) attacks. OpenSSH, the free version of the SSH protocol suite of network connectivity tools, has also been plagued by numerous vulnerabilities over the past years, and it’s important to ensure that a flaw as critical as Heartbleed will not emerge.

“All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today’s global information infrastructure,” noted Jim Zemlin, executive director at The Linux Foundation.

“CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds.”

In addition to the first projects to be funded, CII has also announced that Bloomberg, Adobe, Huawei, HP and salesforce.com have showed their support for the initiative. They join companies like Google, Intel, IBM, VMware, Facebook, Amazon, Cisco, Dell, Fujitsu, Microsoft, NetApp and Rackspace.

“Adobe believes that open development and open source software are fundamental building blocks for software development,” commented Dave McAllister, director of open source at Adobe. “The Core Infrastructure Initiative allows us to extend our support through a neutral forum that can prioritize underfunded yet critical projects. We’re excited to be a part of this work.”

The critical infrastructure projects funded by the CII will be selected by an advisory board whose members are Google’s Ted T’so, Linux kernel developer Alan Cox, Matt Green of Open Crypto Audit Project, Eben Moglen of Software Freedom Law Center; security and cryptography expert Bruce Schneier, Dan Meredith of the Radio Free Asia’s Open Technology Fund, and Eric Sears of the MacArthur Foundation.

view counter
Eduard Kovacs is an international correspondent for SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.