Tough Love for the Encryption Software That Was Compromised by Heartbleed

The Citizen's Guide to the Future
May 29 2014 7:09 PM

Tough Love for the Encryption Software That Was Compromised by Heartbleed

138753034-participants-play-computer-games-at-the-it-event-5th
We all use OpenSSL whether we know it or not.

Photo by YASUYOSHI CHIBA/AFP/Getty Images

The Linux Foundation, which supports the Linux operating system and other open-source projects, is giving the open-source encryption protocol that contained the Heartbleed vulnerability some tough love. The foundation is funding an audit of OpenSSL's code and also paying the salaries of two programmers who will work on OpenSSL full time.

Previously 10 volunteers devoted significant time to OpenSSL, and only developer Stephen Henson was full time. In hindsight this seems like a paltry team given that OpenSSL has been and continues to be ubiquitous. OpenSSL, or Secure Socket Layer, is a cryptographic protocol that secures interactions like online banking and many communication services. When you see the “https” prefix on a URL that’s OpenSSL at work. Henson will receive one Linux Foundation grant along with Andy Polyakov.

Advertisement

The OpenSSL project is part of a new broader effort called the Core Infrastructure Initiative that will give attention to underresourced, but valuable open source products. As the Linux Foundation's announcement explains:

The computing industry has increasingly come to rely upon shared source code to foster innovation. But as this shared code has become ever more critical to society and more complex to build and maintain, there are certain projects that have not received the level of support commensurate with their importance. CII changes funding requests from the reactive post-crisis asks of today to proactive reviews identifying the needs of the most important projects.

The project is being backed by large tech companies like Adobe, Amazon Amazon Web Services, Cisco, Facebook, and Google. Ars Technica reports that the companies are all giving at least $100,000 a year for three years. So far the Linux Foundation has raised $5.4 million over the next three years. And OpenSSL is also still collecting donations through the OpenSSL Foundation. Maybe open-source code makeovers will be the next big reality show. OK, probably not.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Politics

Talking White

Black people’s disdain for “proper English” and academic achievement is a myth.

Hong Kong’s Protesters Are Ridiculously Polite. That’s What Scares Beijing So Much.

The One Fact About Ebola That Should Calm You: It Spreads Slowly

Operation Backbone

How White Boy Rick, a legendary Detroit cocaine dealer, helped the FBI uncover brazen police corruption.

A Jaw-Dropping Political Ad Aimed at Young Women, Apparently

The XX Factor
Oct. 1 2014 4:05 PM Today in GOP Outreach to Women: You Broads Like Wedding Dresses, Right?
Music

How Even an Old Hipster Can Age Gracefully

On their new albums, Leonard Cohen, Robert Plant, and Loudon Wainwright III show three ways.

How Tattoo Parlors Became the Barber Shops of Hipster Neighborhoods

This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century

Moneybox
Oct. 1 2014 8:34 AM This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century To undertake a massively ambitious energy project, you don’t need the government anymore.
  News & Politics
Politics
Oct. 1 2014 7:26 PM Talking White Black people’s disdain for “proper English” and academic achievement is a myth.
  Business
Moneybox
Oct. 2 2014 8:07 AM The Dark Side of Techtopia
  Life
Dear Prudence
Oct. 2 2014 6:00 AM Can’t Stomach It I was shamed for getting gastric bypass surgery. Should I keep the procedure a secret?
  Double X
The XX Factor
Oct. 1 2014 5:11 PM Celebrity Feminist Identification Has Reached Peak Meaninglessness
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
  Arts
Brow Beat
Oct. 1 2014 9:39 PM Tom Cruise Dies Over and Over Again in This Edge of Tomorrow Supercut
  Technology
Future Tense
Oct. 1 2014 6:59 PM EU’s Next Digital Commissioner Thinks Keeping Nude Celeb Photos in the Cloud Is “Stupid”
  Health & Science
Bad Astronomy
Oct. 2 2014 7:30 AM What Put the Man in the Moon in the Moon?
  Sports
Sports Nut
Oct. 1 2014 5:19 PM Bunt-a-Palooza! How bad was the Kansas City Royals’ bunt-all-the-time strategy in the American League wild-card game?