Technology

Tech giants team up to prevent new ‘Heartbleed’

by Julian Hattem 04/24/14 10:06 AM ET

Amazon, Facebook, Microsoft, Google and a host of other computer and Internet titans are launching a new effort to prevent software glitches like the “Heartbleed” bug from ever happening again.

The companies are backers of the Linux Foundation’s new multimillion-dollar Core Infrastructure Initiative, which was announced on Thursday to help support open source projects that might need some help.

{mosads}At the top of the list is OpenSSL, an incredibly popular encryption technology at the root of the Heartbleed issue. The foundation behind the open source code receives just $2,000 in donations a year, which analysts said made it possible for coders to miss the flaw.

“Our global economy is built on top of many open source projects,” Linux Foundation Executive Director Jim Zemlin said in a statement.

With the new effort, “we will now be able to support additional developers and maintainers to work full-time supporting other essential open source projects,” he added. “We are thankful for these industry leaders’ commitment to ensuring the continued growth and reliability of critical open source projects such as OpenSSL.”

The Linux Foundation, a nonprofit that supports the Linux operating system, is administering funds for the new initiative and will be supported by a steering group with representatives from a dozen tech companies and others in the industry.

According to Ars Technica, the initiative will rely on $3.9 million over the first three years, with each company contributing $100,000 per year.

Money will support developers working on open source projects, security audits and other activities.

“Open source software makes today’s computing infrastructure possible,” added Doug Beaver, a Facebook engineering director. “This initiative will help ensure that these core components of Internet infrastructure get the assistance they need to respond to new threats and to reach new levels of scale.”

The Heartbleed bug existed in OpenSSL for about two years, but was not disclosed to the public until researchers came upon it this month. The glitch makes it possible to trick a computer into sharing passwords and the private keys that protect websites.

No massive attacks have been linked to the bug so far, but news about the glitch sent developers scrambling and had websites across the Internet urging users to change their passwords.