Crisis is a difficult thing. In fact, by definition it means a difficult or dangerous situation that needs serious attention.
Whether it’s an earthquake, a multi-car pileup on the freeway or a massive Internet security bug, people’s first reaction is often to ask: How could it have been prevented or detected earlier? As we finished patching our own servers at The Linux Foundation in the wake of the Heartbleed bug, we asked ourselves how we might be able to help prevent this from happening again. Is there a role we can play to help?
That’s when we conceived the idea for the Core Infrastructure Initiative (announced last week), which for the first time offers a forum where companies, leading open source developers and industry experts can discuss the critical, shared infrastructure that we all depend on. This is not a corporate-only effort. We will depend on the developers from the open source community and experts from their respective fields (security as one example) to inform and guide members on where funding is needed most. This is not unlike the neutral framework we’ve had in place for more than a decade to support Linux, one that respects the community norms that make open source successful.
CII intends to support a variety of open source projects that will be identified by members and advisors. Heartbleed was the galvanizing force of the Core Infrastructure Initiative, but we want CII to replace reactive responses with a proactive program that identifies and funds key developers in essential open source projects. It’s also important for us all to face a harsh reality: security threats aren’t going away. These threats are a fact of life and all software is vulnerable, whether it’s open source or proprietary.
Can CII help minimize the risk of another “Heartbleed”? While security vulnerabilities in our ever more complex software environment are a fact of life, we absolutely hope that, by bringing together companies such as Amazon, Cisco, Google, Facebook, Microsoft and more with the developers who work on critical pieces of our infrastructure, we can all help. The idea that open source just happens in someone’s basement is a myth. As the software has grown more complex, so has the need for full-time developer support. CII will help identify and fund those projects that are critical to our modern computing fabric but that may be under-resourced.
Please join us in this work and support the developers who are building today’s most critical infrastructure. Anyone can donate to the Core Infrastructure Initiative at the following link: https://www.linuxfoundation.org/programs/core-infrastructure-initiative#contribute