Technology companies within the Linux Foundation will each commit to donating at least $100,000 a year for the next three years to improve software infrastructure.
The Heartbleed bug exposed the weaknesses of secure software like OpenSSL and put the information of Internet users at risk. Technology companies don't want a repeat of Heartbleed either, so the Linux Foundation has launched a new project as a response to the crisis.
The project, called the Core Infrastructure Initiative, will fund open source projects and the critical software infrastructure. The Linux Foundation will not direct where the money goes; instead, members of the foundation will decide. Members like Google, Microsoft, Facebook, and Amazon Web Services will each donate at least $100,000 a year for the next three years. So far, the foundation has $3.6 million to use toward the Core Infrastructure Initiative.
In addition to working on OpenSSL, potential projects include ModSSL, PGP, and OpenCryptolab. Funding will support developers to work full time on the open source project, security audits, computing and test infrastructure, travel, and face-to-face meetings.
OpenSSL is definitely the priority because of Heartbleed. Speaking with The Verge, Linux Foundation executive director Jim Zemlin said, "After we're done updating our software and swapping our certificates, what can we learn? What can be done differently. Obviously, in retrospect, I wish we had done this a long time ago."