Technology Companies Team Up to Prevent Another Heartbleed Heartbreak
The Heartbleed bug broke the hearts of many a programmer. It also drew attention to the fact that few programmers had the time to scan the widely used open source software for the bug, which was discovered more than two years after its creation. Now, the Linux Foundation and several big names in technology, including Google (NASDAQ:GOOG) (NASDAQ:GOOGL), Intel (NASDAQ:INTC), and Facebook (NASDAQ:FB), are providing support to fix the bug.
The Heartbleed bug existed in a piece of open source software called OpenSSL. Apache and nginx, open source web servers for about half a million websites, used OpenSSL. That software was also used in a wide variety of websites, from Yahoo (NASDAQ:YHOO) to Reddit. Even operating systems, such as certain versions of the Android software on mobile devices and some Linux operating systems, were affected.
Getting rid of the open source software was not an option, since it is so widely used in a variety of programming-based applications. Open source software is something that Internet users come across every day via websites and other programs, which is part of why the Heartbleed bug affected such a large portion of the Internet. The Mozilla Firefox web browser is open source software. Entire libraries of open source software, which were also affected by the Heartbleed bug, are available to programmers via GitHub.
Now, the companies behind some affected software are banding together to prevent another Heartbleed bug by creating and funding the Core Infrastructure Initiative, a multimillion-dollar investment in open source software, as opposed to depending on the free work of programmers when they had the time to spare.
The Linux Foundation, a technology non-profit, is the group behind the open source Linux operating systems that are a popular alternative to Windows and OS, and it will be hosting the program. The goal is to provide some much-needed oversight of the software that the Internet depends on to function. In its FAQ page, the Core Infrastructure Initiative explains the primary challenge of keeping such widely used software in check when it is not adequately funded. It notes that the OpenSSL project received only about $2,000 in funding, despite its widespread use.
Open source software is code worked on collaboratively by an unlimited group of programmers by making the source code available. While the resulting product is normally better and more secure than a piece of closed source software worked on by a smaller group of programmers, bugs or other errors can be overlooked because few people are looking at it full-time.
That is what happened in the case of the Heartbleed bug. The error in the heartbeat function of the code caused up to 64 kilobytes of data that it was supposed to keep secure to be leaked. In response to this situation, a patch was quickly created. Affected websites either used that patch or created their own to fix the error. Now, the Core Infrastructure Initiative allows them to tackle issues collaboratively in the spirit of open source software.