The Linux Foundation’s Core Infrastructure Initiative (CII) is turning its focus to three new open-source projects, and the Foundation has announced that the initiative will provide more than US$450,000 in financial support to help those projects provide better security.
“While each project we’re announcing funding for today is quite different, each is critical to our global computing infrastructure and cybersecurity,” said Jim Zemlin, executive director of the Linux Foundation.
The Core Infrastructure Initiative was created in the aftermath of OpenSSL’s Heartbleed crisis. The goal of the group is to help fund and support open-source projects that are underfunded and understaffed. The new projects include Reproducible Builds, the Fuzzing Project, and False-Positive-Free Testing.
Reproducible Builds allows users to reproduce byte-by-byte identical binary packages from a given source. The Initiative is giving the project a $200,000 grant to ensure that no flaws are introduced during the build process, and to collaborate with other distributions.
The Fuzzing Project provides a solution for detecting security problems in software or computer systems. The Initiative is giving the project $60,000 to continue its work in finding and reporting fuzzer-related issues.
False-Positive-Free Testing will be receiving $192,000 from the Initiative to create an open-source TIS Interpreter designed to detect bugs with no false positives.
In addition, the Linux Foundation announced a new senior director of infrastructure security for the Core Infrastructure Initiative, Emily Ratliff. She will manage membership growth, grant proposals and funding, as well as newly created tools and services.
“These new grants, combined with the stellar addition of Emily, mean CII is well-positioned to address critical infrastructure vulnerabilities in the months and years ahead,” said Zemlin. “Emily’s extensive Linux security experience and standards involvement will be a major asset to CII’s work as we move beyond point-fixes toward more holistic solutions for open-source security.”