A dozen of the world's largest technology companies have come together to offer $3.6 million to financially support open-source programs, particularly OpenSSL, whose Heartbleed bug sent the entire Internet reeling into pandemonium a few weeks ago.
Linux Foundation executive director Jim Zemlin established the Core Infrastructure Initiative, a multi-million dollar project that aims to provide funds to support open-source projects crucial to maintaining core computing functions on the Internet.
Early supporters of this initiative include Google, Facebook, Intel, Amazon and Rackspace, who have each pledged $100,000 for the next three years to fund Zemlin's initiative. Cisco, Dell, Fujitsu, IBM, NetApp, Qualcomm and VMware also agreed to donate the same amount, while Zemlin continues to recruit other companies in the technology and financial services sectors.
Speaking to CNET, Google's director of engineering for open source Chris DiBona said there was no question that Google will gladly take part in the initiative.
"It's slightly less than the cost of hiring an engineer ourselves," DiBona said, referring to the annual donation of $100,000.
It was the Heartbleed bug, accidentally created by a developer who put faulty code into OpenSSL two years ago, that pushed the entire Internet to action.
OpenSSL is encryption software used to secure two-thirds of all websites on the Internet as well as data center software, smartphones and telecommunications equipment.
In early April, Codenomicon researchers and Google's Neel Mehta independently discovered Heartbleed, a serious security bug that gave hackers unrestrained access to private information, including passwords, Social Security numbers, and credit card and banking details, without leaving any trace in the system.
Experts believe that businesses lost tens of millions of dollars in the scramble to update their websites and close off any loopholes that may continue to compromise their systems.
Heartbleed brought to light one of the Internet's major flaws - that the websites making the most money rely on a small group of programmers who are making a trivial income from developing and maintaining the code used to secure these profitable websites.
In a blog post, Steve Marquess, president of the OpenSSL Software Foundation, said that OpenSSL receives around $2,000 in donations every year. In the last five years, OpenSSL has never earned more than $1 million in annual revenue from donations and work-for-hire agreements.
OpenSSL is maintained by four developers and a few contributors. Only one among them works full-time to maintain the code. The others have day jobs and only work on the code in their spare time. OpenSSL, apparently, does not have the resources to check every line of code or pay for a proper code review.
Hopefully, that is now going to change as the Internet's biggest players have stepped forward to provide assistance. OpenSSL will be the first project to receive funds, which will be used for hiring key developers to work full time on OpenSSL, according to Zemlin.