More than a dozen tech companies, including Facebook, Google, Microsoft, Amazon and IBM, have joined forces to try to prevent another Heartbleed-like security breach.
Heartbleed is one of the biggest and widespread vulnerabilities in the history of the modern web. The problem stemmed from an errant line of code in the open-source project OpenSSL. About 66% of web servers rely on OpenSSL to encrypt data and keep things secure.
The bug in OpenSSL meant that the secret-encryption keys — which are what ensures that your passwords and other data are securely transmitted — could be stolen from a web server without anyone knowing. The bug existed in OpenSSL for more than two years before being publicly patched and announced.
The program, dubbed the Core Infrastructure Initiative, is an an offshoot of Linux Foundation and designed to “fund open source projects that are in the critical path for core computing functions,” according to a description on its website. The group will work with “an advisory board of esteemed open source developers to identify and fund open source projects in need.”