Apr 28, 2014
Heartbleed is one of the biggest security breaches we have seen in many years. There was a line of code in OpenSSL (the encryption technology used by the vast majority of servers) that enabled an attacker to get more information than he was entitled to. In other words, he could get access to your personal details, your login details, and all the content that’s tied to your account.
1. Public awareness about Heartbleed and the patch
It is both shocking and tragic that the bug existed in the technology for 2 years without anyone knowing about it, or at least anyone outside of the inner circle. Luckily, at the point of writing this, things have been patched up, so there is no reason to panic. Still, it’s generally a good idea to change your passwords, just as a safety precaution.
2. Companies that support the development of open-source technologies
Both Google and Facebook have promised to commit at least $100,000 per year to fund open-source projects that are of critical importance to information technology. This will last for the next three years. One of these projects is OpenSSL, the encryption technology that’s used by pretty much every website out there. Moreover, it can be found in the vast majority of client applications, both desktop and mobile.
3. Online security is an important aspect of our everyday lives
These two companies, at least, see the security breach as a reminder not to stop supporting a technology that is at the core of so many systems. Other corporations are advised to do the same and give back at least something in order to fund the development of this technology. Hopefully, the attack will be an eye-opener to many more of them.
4. Financial aid with no strings attached
Jim Zemlin, the CEO of the Linux Foundation, states that the funding does not aim to change the infrastructure of these open-source projects in any shape or form. Instead, it’s just giving blood to them and their developers, so the projects themselves are guaranteed to have a stable future ahead of them.
He also expressed his wish to see the minds behind these projects working on them full-time. As a matter of fact, Google, Fujitsu, Facebook, Amazon Web Services, Dell, VMware, and any other major company behind the funding do not want to influence the direction of this project in any way.
5. A brief history of the Linux Foundation
The Linux Foundation has a broad history of sponsoring open-source projects. It was funded in the year 2000 in order to support the development of Linux by Linus Torvalds. An interesting fact of the story is that several of the companies mentioned here also support the development of the Linux kernel.
6. Getting sponsors was surprisingly simple
Zemlin also mentioned that convincing the companies to show their financial support wasn’t a hard task at all. The Linux kernel itself faced some security-related issues a couple of years ago, and this was the base motivation behind providing more financial support to the project. Everyone in the IT field relies on these technologies so heavily that it makes sense to support them, mainly because everyone is dependent on them in some way or another.
Finally, he expressed regret that this wasn’t done sooner and that the waiting period had perhaps been a bit too long.