Tough Love for the Encryption Software That Was Compromised by Heartbleed

Future Tense
The Citizen's Guide to the Future
May 29 2014 7:09 PM

Tough Love for the Encryption Software That Was Compromised by Heartbleed

We all use OpenSSL whether we know it or not.

Photo by YASUYOSHI CHIBA/AFP/Getty Images

The Linux Foundation, which supports the Linux operating system and other open-source projects, is giving the open-source encryption protocol that contained the Heartbleed vulnerability some tough love. The foundation is funding an audit of OpenSSL's code and also paying the salaries of two programmers who will work on OpenSSL full time.

Previously 10 volunteers devoted significant time to OpenSSL, and only developer Stephen Henson was full time. In hindsight this seems like a paltry team given that OpenSSL has been and continues to be ubiquitous. OpenSSL, or Secure Socket Layer, is a cryptographic protocol that secures interactions like online banking and many communication services. When you see the “https” prefix on a URL that’s OpenSSL at work. Henson will receive one Linux Foundation grant along with Andy Polyakov.


The OpenSSL project is part of a new broader effort called the Core Infrastructure Initiative that will give attention to underresourced, but valuable open source products. As the Linux Foundation's announcement explains:

The computing industry has increasingly come to rely upon shared source code to foster innovation. But as this shared code has become ever more critical to society and more complex to build and maintain, there are certain projects that have not received the level of support commensurate with their importance. CII changes funding requests from the reactive post-crisis asks of today to proactive reviews identifying the needs of the most important projects.

The project is being backed by large tech companies like Adobe, Amazon Amazon Web Services, Cisco, Facebook, and Google. Ars Technica reports that the companies are all giving at least $100,000 a year for three years. So far the Linux Foundation has raised $5.4 million over the next three years. And OpenSSL is also still collecting donations through the OpenSSL Foundation. Maybe open-source code makeovers will be the next big reality show. OK, probably not.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.



The Ebola Story

How our minds build narratives out of disaster.

The Budget Disaster That Completely Sabotaged the WHO’s Response to Ebola

PowerPoint Is the Worst, and Now It’s the Latest Way to Hack Into Your Computer

The Shooting Tragedies That Forged Canada’s Gun Politics

A Highly Unscientific Ranking of Crazy-Old German Beers


Welcome to 13th Grade!

Some high schools are offering a fifth year. That’s a great idea.


The Actual World

“Mount Thoreau” and the naming of things in the wilderness.

Want Kids to Delay Sex? Let Planned Parenthood Teach Them Sex Ed.

Would You Trust Walmart to Provide Your Health Care? (You Should.)

  News & Politics
Oct. 22 2014 9:42 PM Landslide Landrieu Can the Louisiana Democrat use the powers of incumbency to save herself one more time?
Continuously Operating
Oct. 22 2014 2:38 PM Crack Open an Old One A highly unscientific evaluation of Germany’s oldest breweries.
Gentleman Scholar
Oct. 22 2014 5:54 PM May I Offer to Sharpen My Friends’ Knives? Or would that be rude?
  Double X
The XX Factor
Oct. 22 2014 4:27 PM Three Ways Your Text Messages Change After You Get Married
  Slate Plus
Tv Club
Oct. 22 2014 5:27 PM The Slate Walking Dead Podcast A spoiler-filled discussion of Episodes 1 and 2.
Oct. 22 2014 11:54 PM The Actual World “Mount Thoreau” and the naming of things in the wilderness.
Future Tense
Oct. 22 2014 5:33 PM One More Reason Not to Use PowerPoint: It’s The Gateway for a Serious Windows Vulnerability
  Health & Science
Wild Things
Oct. 22 2014 2:42 PM Orcas, Via Drone, for the First Time Ever
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.