A who's who of tech companies has agreed to donate millions of dollars to help key yet under-funded open source projects in the wake of the recent Heartbleed bug crisis. According to Ars Technica, companies including Amazon, Cisco Systems, Facebook, Google, IBM, Intel, Microsoft, and more will contribute at least $3.9 million to the Core Infrastructure Initiative, which will be hosted at the San Francisco-based non-profit Linux Foundation.
Open source software like OpenSSL is core to the business of many big technology corporations, which use the library on their websites to send encrypted data safely between servers and clients.
But the crucial role OpenSSL plays in securing the Internet wasn't matched by the financial resources devoted to maintaining it. According to OpenSSL Software Foundation President Steve Marquess, the project received $2000 a year in donations and has only one full-time employee.
"I think we got a little too comfortable as a community of software developers, and we shouldn't be," says Chris DiBona, director of open source at Google, adding that "We should really pay way more attention to the quality of our security software and of these core bits".
It's not that every open source project is under-resourced and cash-starved. Many projects receive good support from the companies that depend on them. For example, the Linux kernel project has multiple employees and financial support from tech giants like HP, IBM, Red Hat, Intel, Oracle, Google, Cisco, and more.
According to Jim Zemlin, executive director of the Linux Foundation, companies will contribute $100,000 per year, with a minimum three-year commitment. Although the money will go to multiple open source projects, OpenSSL is at the top of the list.