VIDEO: Jim Zemlin, executive director of the Linux Foundation, explains how millions of dollars he helped raise are going toward preventing the next open-source Heartbleed.
The Heartbleed flaw that was first publicly disclosed in April of this year, was in some respects a black eye on the open-source community. Heartbleed is a flaw in the open-source OpenSSL cryptographic library that had wide ranging impact across the infrastructure of the Internet.
In the aftermath of Heartbleed, a new effort emerged called the Core Infrastructure Initiative (CII) to help fund developers wanting to improve security across critical open-source infrastructure technologies.
In a video interview with eWEEK, Jim Zemlin, executive director of the Linux Foundation, explains how CII works and what can be done to improve open-source security.
Zemlin noted that in the case of OpenSSL, though it plays a critical role in Internet infrastructure, it was not receiving the level of support that is commensurate with the role it plays. There are other open-source efforts beyond just OpenSSL that could also benefit from increased financial support, he added.
CII has the financial support of a number of leading IT organizations, including IBM, Intel, Dell, Cisco, Google, Hewlett-Packard, Qualcomm, VMware, Amazon, Facebook and Microsoft.
“The largest technology vendors are all participating in this,” Zemlin said.
The basic idea behind CII is to figure out which open-source projects have similar characteristics to OpenSSL, in that they are widely deployed, critical to Internet security and may not have had enough resources, he said.
With CII, the goal is to provide resources to critical infrastructure projects, including testing help, third-party code audits and helping to teach secure coding practices. Zemlin noted that any type of systemic change takes time, foresight, patience and money. That’s why the Linux Foundation worked to create CII and get the support of industry to be able to fund a sustainable effort to help advance the cause of open-source security.
“If we take a holistic approach, get ahead of a Heartbleed, we can reduce the number of vulnerabilities and security problems over time for everyone,” Zemlin said.
Watch the full video interview with Jim Zemlin below:
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.