The aftermath of OpenSSL’s Heartbleed bug raised some important issues about open-source software development. Many open-source projects are underfunded and understaffed, leading to unreliable code, according to a newly formed group, the Core Infrastructure Initiative, which has been created to help fund and support projects in need of assistance.
“The computing industry has increasingly come to rely upon shared source code to foster innovation,” according to the Linux Foundation’s website. “But as this shared code has become ever more critical to society and more complex to build and maintain, there are certain projects that have not received the level of support commensurate with their importance. As we just witnessed with the Heartbleed crisis, too many critical open-source software projects are under-funded and under-resourced.”
The initiative, set up by the Linux Foundation, currently includes Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace and VMware.
“These companies recognize the need for directed funds for highly critical open-source software projects they all consume and that run much of modern-day society,” said the Linux Foundation. “They also value and invest in developers and collaborative software development and want to support this important work.”
A steering committee made up of the initiative’s members will be formed in order to identify, approve and oversee projects and developers in need of support. An advisory board made up of open-source developers and community members will also be set up to guide the steering committee.
“Security is an industry-wide concern requiring industry-wide collaboration,” said Steve Lipner, partner director of software security at Microsoft. “The Core Infrastructure Initiative aligns with our participation in open source and the advancement of secure development across all platforms, devices and services.”
Currently, OpenSSL is the initiative’s first project under consideration to receive funds. Although the initiative was created as a result of the Heartbleed security crisis, the initiative said its efforts will not be limited to security-related issues.