Adobe, Huawei, and HP Join the Fight to Secure Open-source Software

Newly added founding members of CII will include Adobe, Bloomberg, HP, Huawei and salesforce.com

The Core Infrastructure Initiative (CII) has announced five new backers, along with the first projects to receive funding from the Initiative and the Advisory Board members who will help identify critical infrastructure projects most in need of support.

The computing industry has increasingly come to rely upon shared source code to foster innovation, but these projects rarely get the funding needed to fully vet the offerings. CII was established earlier this year in the wake of the Heartbleed bug, a widespread vulnerability in the open-source, and under-funded, security protocol project OpenSSL. Hosted by the Linux Foundation and boasting a who’s who of tech giant backers, CII aims to give open-source projects the funding they need to root out vulnerabilities like Heartbleed and make the web a safer place.

The newly added founding members of CII will include Adobe, Bloomberg, HP, Huawei and salesforce.com. They join other recently announced founding members, among them Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace and VMware.

“Adobe believes that open development and open source software are fundamental building blocks for software development,” said Dave McAllister, director of open source at Adobe, in a statement. “The Core Infrastructure Initiative allows us to extend our support through a neutral forum that can prioritize underfunded yet critical projects. We’re excited to be a part of this work.”

CII has set up fellowships for key developers to pay for full-time work on open-source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support. The Steering Committee, composed of members of the Initiative, and the Advisory Board of industry stakeholders and developers are tasked with identifying underfunded open source projects that support critical infrastructure, and administering the funds through the Linux Foundation.

Upon an initial review of critical open source software projects, the CII Steering Committee has prioritized Network Time Protocol, OpenSSH and, of course, OpenSSL for the first round of funding. OpenSSL will receive funds from CII for two full-time core developers. The OpenSSL project is accepting additional donations, which can be coordinated directly with the OpenSSL Foundation.

The Open Crypto Audit Project (OCAP) will also receive funding in order to conduct a security audit of the OpenSSL code base. Other projects are under consideration and will be funded as assessments are completed and budget allows.

“All software development requires support and funding,” said Jim Zemlin, executive director at The Linux Foundation, in a statement. “Open-source software is no exception and warrants a level of support on par with the dominant role it plays supporting today’s global information infrastructure. CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds.”
