Tough Love for the Encryption Software That Was Compromised by Heartbleed

The Citizen's Guide to the Future
May 29 2014 7:09 PM

Tough Love for the Encryption Software That Was Compromised by Heartbleed

We all use OpenSSL whether we know it or not.

Photo by YASUYOSHI CHIBA/AFP/Getty Images

The Linux Foundation, which supports the Linux operating system and other open-source projects, is giving the open-source encryption protocol that contained the Heartbleed vulnerability some tough love. The foundation is funding an audit of OpenSSL's code and also paying the salaries of two programmers who will work on OpenSSL full time.

Previously 10 volunteers devoted significant time to OpenSSL, and only developer Stephen Henson was full time. In hindsight this seems like a paltry team given that OpenSSL has been and continues to be ubiquitous. OpenSSL, or Secure Socket Layer, is a cryptographic protocol that secures interactions like online banking and many communication services. When you see the “https” prefix on a URL that’s OpenSSL at work. Henson will receive one Linux Foundation grant along with Andy Polyakov.


The OpenSSL project is part of a new broader effort called the Core Infrastructure Initiative that will give attention to underresourced, but valuable open source products. As the Linux Foundation's announcement explains:

The computing industry has increasingly come to rely upon shared source code to foster innovation. But as this shared code has become ever more critical to society and more complex to build and maintain, there are certain projects that have not received the level of support commensurate with their importance. CII changes funding requests from the reactive post-crisis asks of today to proactive reviews identifying the needs of the most important projects.

The project is being backed by large tech companies like Adobe, Amazon Amazon Web Services, Cisco, Facebook, and Google. Ars Technica reports that the companies are all giving at least $100,000 a year for three years. So far the Linux Foundation has raised $5.4 million over the next three years. And OpenSSL is also still collecting donations through the OpenSSL Foundation. Maybe open-source code makeovers will be the next big reality show. OK, probably not.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.



More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture

Why Greenland’s “Dark Snow” Should Worry You

Three Talented Actresses in Three Terrible New Shows

Why Do Some People See the Virgin Mary in Grilled Cheese?

The science that explains the human need to find meaning in coincidences.


Happy Constitution Day!

Too bad it’s almost certainly unconstitutional.

Is It Worth Paying Full Price for the iPhone 6 to Keep Your Unlimited Data Plan? We Crunch the Numbers.

What to Do if You Literally Get a Bug in Your Ear

  News & Politics
Sept. 17 2014 8:15 AM Ted Cruz Will Not Join a Protest of "The Death of Klinghoffer" After All
Sept. 16 2014 4:16 PM The iPhone 6 Marks a Fresh Chance for Wireless Carriers to Kill Your Unlimited Data
The Eye
Sept. 16 2014 12:20 PM These Outdoor Cat Shelters Have More Style Than the Average Home
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Slate Plus Video
Sept. 16 2014 2:06 PM A Farewell From Emily Bazelon The former senior editor talks about her very first Slate pitch and says goodbye to the magazine.
Brow Beat
Sept. 16 2014 8:43 PM This 17-Minute Tribute to David Fincher Is the Perfect Preparation for Gone Girl
Future Tense
Sept. 17 2014 8:27 AM Only Science Fiction Can Save Us! What sci-fi gets wrong about income inequality.
  Health & Science
Bad Astronomy
Sept. 17 2014 7:30 AM Ring Around the Rainbow
Sports Nut
Sept. 15 2014 9:05 PM Giving Up on Goodell How the NFL lost the trust of its most loyal reporters.