All Tech Considered
2:31 pm
Thu April 24, 2014

Tech Giants Pony Up Cash To Help Prevent Another Heartbleed

Originally published on Thu April 24, 2014 5:17 pm

Google, Intel, Facebook and many other tech giants are pooling their money together — for the first time — to fix a glaring hole in cybersecurity. They're launching a multimillion-dollar fund to protect open-source code — the code that anyone can use for free, and that often gets overused and underprotected.

The recent Heartbleed bug crisis was a wake-up call to tech companies, and this new fund is an admission of guilt.

"I think we got a little too comfortable as a community of software developers, and we shouldn't be," says Chris DiBona, director of open source at Google. "We should really pay way more attention to the quality of our security software and of these core bits."

Open-source software is core to the business of many high-tech firms. But for years, they've been using it for free. OpenSSL — the code that got hit by the Heartbleed bug — is used by the majority of websites to send encrypted data safely between users and servers. But Google and others had put zero dollars into the maintenance and upkeep of the software.

The goal now, DiBona says, is to come together "and try to root out these problems before they become problems of the scale of Heartbleed and other holes that are probably lurking out there in the software we all depend on."

Open source is getting more popular, and companies are seeing that when software gets reviewed and edited by many eyeballs, it can be a lot stronger than private, proprietary code.

One of the best-funded open-source projects is Linux. Jim Zemlin, executive director of the Linux Foundation, put in the phone calls to make this new fund happen.

"It was inspired by Winston Churchill, who said, 'Never let a good crisis go to waste,' " Zemlin says.

This pledge of relief money is kind of like when nation-states get together after a tsunami or hurricane and each puts in a little bit.

"Each of the companies is contributing $100,000 per year, with a minimum three-year commitment," Zemlin says. "So it's a long-term commitment — at least long term in technology scale."

Zemlin says the foundation will make sure the money goes to the collective good, and not just one company's bottom line.

Copyright 2014 KQED Public Media. To see more, visit http://www.kqed.org.

Transcript

MELISSA BLOCK, HOST:

And now to the issue of cyber security. Google, Intel, Facebook and many other tech giants are pooling their money together, for the first time, to fix a glaring hole. Today, they're launching a new multimillion-dollar fund to protect open source code. It's the code that anyone can use for free and that often gets overused and under-protected.

From member station KQED in San Francisco, Aarti Shahani has this report.

AARTI SHAHANI, BYLINE: A recent crisis known as the Heartbleed bug was a wake-up call to tech companies. And this new fund is an admission of guilt.

CHRIS DIBONA: I think we got a little too comfortable as a community of software developers. And we shouldn't be.

SHAHANI: Chris DiBona is director of open source at Google.

DIBONA: We should really pay way more attention to the quality of our security software and of these core bits.

SHAHANI: Open source software is core to the business of many high-tech firms. But for years and years, they've been using it for free. Take OpenSSL, the code that got hit by the Heartbleed bug. The majority of websites, from the Fortune 500s to the moms-and-pops, use OpenSSL to send encrypted data safely between users and servers. But Google and others put zero dollars into the maintenance and upkeep of the software. The goal now is to come together...

DIBONA: And try to root out these problems before they become problems of the scale of Heartbleed, and other holes that are probably lurking out there in the software we all depend on.

SHAHANI: Open source is getting more popular. And companies are seeing that when software gets reviewed and edited by many eyeballs, it can be a lot stronger than private, proprietary code. One of the best-funded open source projects in the world is Linux. Jim Zemlin is the executive director of the Linux Foundation, and he put in the phone calls to make this new fund happen.

JIM ZEMLIN: It was inspired by Winston Churchill, who said: Never let a good crisis go to waste.

SHAHANI: This pledge of relief money is kind of like when nation-states get together after a tsunami or hurricane and each puts in a little bit.

ZEMLIN: Each of the companies is contributing $100,000 per year, with a minimum three-year commitment, so it's a long-term commitment, at least long term in technology scale.

SHAHANI: Zemlin says the foundation will make sure the money goes to the collective good and not just one company's bottom line. For NPR News, I'm Aarti Shahani in San Francisco. Transcript provided by NPR, Copyright NPR.

Related Program