From ThreatPost:
Census Project Identifies Open Source Tools at Risk
Heartbleed may have brought on a major case of heartburn last April for system admins worldwide, but a positive offshoot of the biggest of the Internet-wide bugs was that it opened a lot of eyes to the lack of support afforded even ubiquitous open source software projects.
Shortly after Heartbleed was discovered in OpenSSL, a consortium called the Core Infrastructure Initiative—initially backed by the Linux Foundation, Google, Microsoft, Facebook, Amazon, Dell and others—began funneling money into the OpenSSL project. The benefits were immediate for the maintainers of the crypto library who were able to fund two full-time employees and a dozen or so part-timers to get the code cleaned up and audited. Soon thereafter, money also began moving in the direction of OpenSSH, NTP, and GnuPG (GPG).
No comments:
Post a Comment