Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Cybersecurity Funding

OpenSSL, OpenSSH, NTP Get Funding From Core Infrastructure Initiative

The Linux Foundation’s Core Infrastructure Initiative (CII) announced on Thursday the open source software projects selected for the first round of funding.

The Linux Foundation’s Core Infrastructure Initiative (CII) announced on Thursday the open source software projects selected for the first round of funding.

The CII Steering Committee has decided that Network Time Protocol (NTP), OpenSSH and OpenSSL will be the first projects to receive support. The fact that OpenSSL is among the first projects to recieve funds is not surprising, as the impactful Heartbleed vulnerability in OpenSSL was a driving force in the creation of CII.

Core Infrastructure Initiative

From CII, OpenSSL will receive funds for two, fulltime core developers, but the project is also accepting donations directly through the OpenSSL Foundation. Funding for a security audit of the OpenSSL code base will also go to the Open Crypto Audit Project (OCAP).

As far as NTP is concerned, the protocol has been increasingly abused by cybercriminals for distributed denial-of-service (DDoS) attacks. OpenSSH, the free version of the SSH protocol suite of network connectivity tools, has also been plagued by numerous vulnerabilities over the past years, and it’s important to ensure that a flaw as critical as Heartbleed will not emerge.

“All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today’s global information infrastructure,” noted Jim Zemlin, executive director at The Linux Foundation.

“CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds.”

In addition to the first projects to be funded, CII has also announced that Bloomberg, Adobe, Huawei, HP and have showed their support for the initiative. They join companies like Google, Intel, IBM, VMware, Facebook, Amazon, Cisco, Dell, Fujitsu, Microsoft, NetApp and Rackspace.

Advertisement. Scroll to continue reading.

“Adobe believes that open development and open source software are fundamental building blocks for software development,” commented Dave McAllister, director of open source at Adobe. “The Core Infrastructure Initiative allows us to extend our support through a neutral forum that can prioritize underfunded yet critical projects. We’re excited to be a part of this work.”

The critical infrastructure projects funded by the CII will be selected by an advisory board whose members are Google’s Ted T’so, Linux kernel developer Alan Cox, Matt Green of Open Crypto Audit Project, Eben Moglen of Software Freedom Law Center; security and cryptography expert Bruce Schneier, Dan Meredith of the Radio Free Asia’s Open Technology Fund, and Eric Sears of the MacArthur Foundation.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Forty cybersecurity-related M&A deals were announced in January 2023.


Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023.