Microsoft, Facebook And Others Join Hands To Prevent Heartbleed OpenSSL Like Crisis In The Future

Core Infrastructure Initiative

Microsoft, Facebook, Google and others have formed the Core Infrastructure Initiative, a multi-million dollar project that aims to fund open source projects in the critical path for core computing functions. They want to prevent events such as the recent Heartbleed OpenSSL crisis. Read more about it below.

What is the Core Infrastructure Initiative?

The Core Infrastructure Initiative is a multi-million dollar project to fund and support critical elements of the global information infrastructure. It is organized by The Linux Foundation and supported by Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, RackSpace, and VMware. CII enables technology companies to collaboratively identify and fund open source projects that are in need of assistance, while allowing the developers to continue their work under the community norms that have made open source so successful.

The first project under consideration to receive funds from the Initiative will be OpenSSL, which could receive fellowship funding for key developers as well as other resources to assist the project in improving its security, enabling outside reviews, and improving responsiveness to patch requests. CII was formed as a response to the Heartbleed security crisis; however, the Initiative’s efforts will not be restricted to security-related issues.

Who is involved in CII and what role do they play?

Early supporters include Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, RackSpace, VMware and The Linux Foundation. We expect more to follow suit in the coming weeks and months. Members of CII will evaluate open source projects that are essential to global computing infrastructure and are experiencing under-investment. These companies recognize the need for directed funds for highly critical open source software projects they all consume and that run much of modern day society. They also value and invest in developers and collaborative software development and want to support this important work.

How will CII be structured?

A steering committee will be formed of CII members, developers and industry stakeholders to identify projects in need of support. Committee members will:

  • Identify projects and developers in need of support
  • Approve specific funding commitments
  • Oversee project roadmaps
  • Reach consensus to add additional members (crypto experts, community leaders)

An advisory board of open source developers and respected community members will help to inform the steering committee.

  • ZloiYuri

    Joining hand doesn’t prevent ass-through job.

  • Vương Vi-Nhuyễn – 王微軟

    This is great news, I really hope that this’ll work, though we didn’t have any major security breaches since 2001, Heartbeat literally took everyone by surprise, the tech world must work together, joining hands will make everyone better. (^_^)

  • NegLewis

    Feature: Heartbeat
    Bug – Heartbleed.

    Same stuff applies to the Ping feature:
    The standard says: first parameter is L: Length, second is data (array) DA.
    In response you should respond with an array of length L and data DA.

    BUT if DA.Length L … the data DA will overflow.. corrupting the RAM.

    IF the implementation will RESPECT 100% the STANDARD… then the same bug WILL be found in ANY Ping-like implementation. Heartbleed over again…

    Do you guys know how many standards/commands like that are in (public) standards… that CAN and WILL corrupt the stack if the commands are NOT sent 100% correctly?

    Look at 802.15.×… WiFi… BlueTooth (Low Energy), ….
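
An added example, not part of the article, of any comment above, or of OpenSSL's code: a responder for a length-prefixed echo message that checks the declared length L against the bytes actually received before copying anything into the reply. The wire layout (2-byte big-endian L followed by the data) and the function name `echo_reply` are assumptions made for illustration, not the TLS heartbeat format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified echo format (not the TLS heartbeat wire format):
 *   bytes 0..1  declared payload length L, big-endian
 *   bytes 2..   payload DA
 * Returns the number of bytes written to out, or -1 if the request is rejected. */
long echo_reply(const uint8_t *req, size_t req_len, uint8_t *out, size_t out_cap)
{
    if (req == NULL || out == NULL || req_len < 2)
        return -1;                      /* too short to carry a length field */

    size_t declared = ((size_t)req[0] << 8) | req[1];
    size_t received = req_len - 2;      /* payload bytes that actually arrived */

    /* Core check: L is sender-controlled, so it is only trusted up to the
     * number of bytes received. Without this, the memcpy below would read
     * past the end of the request buffer. */
    if (declared > received)
        return -1;                      /* drop the message, send nothing */

    if (out_cap < 2 + declared)
        return -1;                      /* reply would not fit the caller's buffer */

    out[0] = req[0];
    out[1] = req[1];
    memcpy(out + 2, req + 2, declared);
    return (long)(2 + declared);
}

int main(void)
{
    uint8_t out[64];
    /* Constructed sample messages. */
    const uint8_t ok[]  = { 0x00, 0x04, 'p', 'i', 'n', 'g' };  /* L = 4, 4 bytes sent */
    const uint8_t bad[] = { 0x40, 0x00, 'p', 'i', 'n', 'g' };  /* L = 16384, 4 bytes sent */
    long a = echo_reply(ok, sizeof ok, out, sizeof out);
    long b = echo_reply(bad, sizeof bad, out, sizeof out);
    return (a == 6 && b == -1) ? 0 : 1;
}
```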