Tech giants spend millions to stop another Heartbleed
Published: 25th Apr 2014 11:21:45
The world's biggest technology firms will donate money to fund the support of OpenSSL, the software at the centre of the Heartbleed bug.
Heartbleed was one of the worst internet flaws ever uncovered.
The maintenance of the software, which secures around two-thirds of the world's websites, was done by a group of volunteers with very little funding.
The new group set up by the Linux Foundation has a dozen contributors and has so far raised around $3m (£1.7m).
As well as maintaining OpenSSL it will also support development of other crucial open-source software.
Firms supporting the initiative include Google, Facebook, Microsoft, Intel, IBM, Cisco and Amazon. Each will donate $300,000 over the next three years.
It is kind of weird that such crucial software is run by a group of hobbyists on a shoestring budget”
The industry has been forced to step up after Heartbleed brought chaos to the tech sector.
Experts estimate that the Heartbleed bug will cost businesses tens of million of dollars in lost productivity as they update systems with safer versions of OpenSSL.
"Sometimes it takes a crisis to do the right thing," Linux Foundation executive director Jim Zemlin told journalists.
The bug exposed more than just people's passwords and credit card details. It also highlighted that the crucial piece of software is maintained by a small group of developers who receive donations averaging about $2,000 a year to support the project.
"It is kind of weird that such crucial software is run by a group of hobbyists on a shoestring budget," said Mikko Hypponen, chief research officer with security firm F-Secure.
"This software was invisible, behind the scenes and there are very few volunteers who have the skill and willingness to work on a project like this. There is no recognition, no money and it is very difficult."
The details that have emerged about how the vulnerability came about speaks volumes about how little the industry has cared about the software that was securing their websites, he added.
"The fact that the code change which caused the bug was done by an individual working at 23:00 on a New Year's Eve says a lot. The code simply wasn't reviewed enough and it went undetected for two years," he added.
"Now there is formal and monetary support from the industry I hope we will see a change not just for OpenSSL but for other crucial open source software."
At 08:00:42 in WalesA US cyber security company is officially opening its European HQ in Cardiff, creating almost 130 jobs.
At 07:59:09 in WalesPolitical infighting over the NHS in Wales is putting patients and staff at risk, a nurses' leader has claimed.
At 07:50:18 in EnglandThe official car of the Queen's representative in the Bailiwick of Guernsey is set to be sold.
At 07:46:07 in HeadlinesIndian police are investigating the alleged rape of a three-year-old girl in her school in the city of Bangalore.
At 07:38:45 in WalesA further £300,000 cut in funding has left the Arts Council of Wales (ACW) "dismayed" and warning groups not to rely on its grants.
At 07:35:02 in WalesWales is being "undersold" as a tourist destination and needs a "coherent brand", a committee of MPs has said.
At 07:29:32 in EntertainmentA US toy store chain has pulled four action figures based on characters from the popular TV drama Breaking Bad, following a petition for their removal.
At 07:28:49 in WalesCardiff Airport would have a "significant advantage" over its rivals if the Welsh government won the power to set airport passenger duty, the boss of Bristol Airport has claimed.
At 07:24:29 in SportAdam Le Fondre was delighted to have proved his worth as a striker after his first goal for Cardiff City helped seal a 3-1 win over Ipswich Town.
At 07:17:03 in SportThe man with the spanner stops tinkering with his bike and gives my question some thought. "Is the motorcycling world still a macho one?" he finally says. "Our competition certainly isn't - most of the boys haven't even hit puberty."
Harvard CitationBBC News, 2014. Tech giants spend millions to stop another Heartbleed [Online] (Updated 25th Apr 2014)
Available at: http://www.ukwirednews.com/news/1564047/Tech+giants+spend+millions+to+stop+another+Heartbleed [Accessed 22nd Oct 2014]
News In Other Categories
Family doctors in England are to be paid £55 every time they diagnose a case of dementia, NHS England has said.
The official car of the Queen's representative in the Bailiwick of Guernsey is set to be sold.
Political infighting over the NHS in Wales is putting patients and staff at risk, a nurses' leader has claimed.
Adam Le Fondre was delighted to have proved his worth as a striker after his first goal for Cardiff City helped seal a 3-1 win over Ipswich Town.
The use of drones in the UK will rise over the next 20 years, raising "significant safety, security, and privacy concerns", a report has said.
A US cyber security company is officially opening its European HQ in Cardiff, creating almost 130 jobs.