Crisis is a difficult thing. In fact, by definition it means a difficult or dangerous situation that needs serious attention.
Whether it’s an earthquake, multi-car pileup on the freeway or a massive Internet security bug, many times people’s first reaction is to ask: How could it have been prevented or detected earlier? As we finished patching our own servers at The Linux Foundation in the wake of the Heartbleed bug, we asked ourselves how we might be able to help prevent this from happening again. Is there a role we can play to help?
CII intends to support a variety of open source projects that will be identified by members and advisors. Heartbleed was the galvanizing force of the Core Infrastructure Initiative, but we want CII to change reactive responses to a proactive program to identify and fund key developers in essential open source projects. It’s also important for us all to face a harsh reality: security threats aren’t going away. These threats are a fact of life and all software is vulnerable, whether it’s open source or proprietary.
Can CII help minimize the risk of another “Heartbleed?” While security vulnerabilities in our ever more complex software environment are a fact of life, we absolutely hope that by bringing together companies such as Amazon, Cisco, Google, Facebook, Microsoft and more with the developers who work on critical pieces of our infrastructure that we can all help. The idea that open source just happens in someone’s basement is a myth. As the software has grown more complex, so has the need for full time developer support. CII will help identify and fund those projects that are critical to our modern computing fabric but that may be under-resourced.
Please join us in this work and support the developers who are building today’s most critical infrastructure. Anyone can donate to the Core Infrastructure Initiative at the following link: https://www.linuxfoundation.org/programs/core-infrastructure-initiative#contribute