Newly formed Core Infrastructure Initiative is the industry’s collective response to the Heartbleed crisis
SAN FRANCISCO, April 24, 2014 – The Linux Foundation today announced it has formed a new project to fund and support critical elements of the global information infrastructure. The Core Infrastructure Initiative enables technology companies to collaboratively identify and fund open source projects that are in need of assistance, while allowing the developers to continue their work under the community norms that have made open source so successful. Founding backers of the Initiative include Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation.
The first project under consideration to receive funds from the Initiative will be OpenSSL, which could receive fellowship funding for key developers as well as other resources to assist the project in improving its security, enabling outside reviews, and improving responsiveness to patch requests.
The Core Infrastructure Initiative is a multi-million dollar project organized by The Linux Foundation to fund open source projects that are in the critical path for core computing and Internet functions. Galvanized by the Heartbleed OpenSSL crisis, the Initiative’s funds will be administered by The Linux Foundation and a steering group comprised of backers of the project as well as key open source developers and other industry stakeholders. Support from the initiative will include funding for fellowships for key developers to work full-time on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support.
“We are expanding the work we already do for the Linux kernel to other projects that may need support,” said Jim Zemlin, executive director of The Linux Foundation. “Our global economy is built on top of many open source projects. Just as The Linux Foundation has funded Linus Torvalds to be able to focus 100% on Linux development, we will now be able to support additional developers and maintainers to work full-time supporting other essential open source projects. We are thankful for these industry leaders’ commitment to ensuring the continued growth and reliability of critical open source projects such as OpenSSL.”
“Maintaining the health of the community projects that produce software critical to the security and safety of Internet commerce is in everyone’s interest,” said Professor Eben Moglen of Columbia Law School, Founding Director of the Software Freedom Law Center. “The Linux Foundation, and the companies joining this Initiative, are enabling these dedicated programmers to continue maintaining and improving the free and open source software that makes the Net work safely for us all. This is business and community collaboration in the public interest, and we should all be grateful to The Linux Foundation for making it happen.”
Open source historically has produced high quality and highly secure software. For instance, the most recent Coverity Open Scan study of software quality has shown that open source code quality surpasses proprietary code quality. But as all software has grown in complexity – with interoperability between highly complex systems now the standard – the needs for developer support has grown.
Similarly, the computing industry has increasingly come to rely upon shared source code to foster innovation. But as this shared code has become ever more critical to society and more complex to build and maintain, there are certain projects that have not received the level of support to commensurate with their importance. For instance, the OpenSSL project has in past years received about $2,000 per year in donations. The Core Infrastructure Initiative will change funding requests from the reactive post-crisis asks of today to proactive reviews identifying the needs of the most important projects. By raising funds at a neutral organization like The Linux Foundation, the industry will effectively give these projects the support they need while ensuring that open source projects retain their independence and community-based dynamism.
Anyone can donate to the Core Infrastructure Initiative fund. To join or donate or find out more information about the Core Infrastructure please visit https://www.linuxfoundation.org/programs/core-infrastructure-initiative
Founding Member Comments
Amazon Web Services
“Open source software is important to organizations like AWS that deliver secure Internet experiences and services for customers,” said Steve Schmidt, Chief Information Security Officer, Amazon Web Services, Inc. “We are pleased to be part of the Core Infrastructure Initiative and to work with the Linux Foundation to foster continued innovation and security in key open source projects that can benefit us all.”
“By creating the Core Infrastructure Initiative, the Linux Foundation has once again stepped up to the challenge of supporting open source projects at the heart of today’s Internet,” said Colin Kincaid, VP Product Management and Architecture, Cisco. “Supporting dedicated open source collaborators and contributors is vital to the success and growth of innovation.”
“Protecting and supporting the work of open source developers and the projects that provide the underpinning of the world’s technology infrastructure is of the highest priority,” said Don Ferguson, Software CTO and Sr. Fellow, Dell. “The Core Infrastructure Initiative gives the industry a way to do this effectively. We are proud to be involved in this very important work.”
“Open source software makes today’s computing infrastructure possible. Facebook is excited to support these projects and the developers who maintain them. This initiative will help ensure that these core components of internet infrastructure get the assistance they need to respond to new threats and to reach new levels of scale,” said Doug Beaver, Engineering Director of Traffic & Edge, Facebook.
“In the nearly two decades that Fujitsu has actively supported Linux, we have gained an understanding that open source software is an essential element of today’s computing infrastructure,” said Takashi Fujiwara, Head of Platform Software Business Unit, Fujitsu Limited. “We are keen to participate in the Core Infrastructure Initiative as it will enable us to more easily support critical open source projects and key developers of the world’s most important code.”
“Google has been a longtime supporter of the Linux Foundation and open source in general, so we’re proud to join the Core Infrastructure Initiative. We believe that an open-source approach to online security will ensure that code is constantly improving, making the web a safer place for us all,” said Chris DiBona, Director of Engineering for Open Source at Google.
“The Linux Foundation is well positioned to manage this initiative to improve security for the open source community,” said Hira Advani, IBM Software Group Chief Security Compliance Officer. “IBM has a long history of supporting open source standards and thousands of IBM researchers, programmers and engineers around the world are contributing to this community. We look forward to working with the foundation and other founding members of the Core Infrastructure Initiative to better enable the open source community to meet the evolving needs of businesses and governmental organizations.”
“Intel is committed to support the development of open source technology and Linux,” said Imad Sousou, Intel vice president and general manager of the Intel Open Source Technology Center. “As an active and long term contributor to open source community, Intel believes the Core Infrastructure Initiative can help provide long term, sustainable support to Linux, the world’s most important open source standard.”
“Security is an industry-wide concern requiring industry-wide collaboration. The Core Infrastructure Initiative aligns with our participation in open source and the advancement of secure development across all platforms, devices and services.” – Steve Lipner, partner director of software security, Microsoft.
“We are pleased to support the important and timely Core Infrastructure Initiative, along with our industry partners,” said Dan Neault, Senior Vice President, Datacenter Solutions, NetApp. “Computer security is of paramount importance to our industry, and our participation reflects NetApp’s commitment to the open source community and the software that we each rely on every day in our business and personal lives.”
“We believe the Core Infrastructure Initiative will improve the security of the Internet,” said John Engates, CTO, Rackspace. “Open source code powers everything we do online. We look forward to working with the Linux Foundation, our other company partners, and the open source community to make sure these projects get the support they need.”
“The Core Infrastructure Initiative is critical. The new model of computing involves a set of choices for customers – on premise, off premise, hybrid – and we must ensure the safety and security across all of those environments,” commented Ray O’Farrell, senior vice president, Cloud Infrastructure R&D, VMware. “We welcome the opportunity to support and contribute to the success of open source and are eager to participate in the Core Infrastructure Initiative.”
About The Linux Foundation
The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the Linux operating system and collaborative software development by marshaling the resources of its members and the open source community. The Linux Foundation provides a neutral forum for collaboration and education by hosting Collaborative Projects, Linux conferences, including LinuxCon and generating original research and content that advances the understanding of Linux and collaborative software development. More information can be found at http://www.linuxfoundation.org.
The Linux Foundation, Linux Standard Base, MeeGo, Tizen and Yocto Project are trademarks of The Linux Foundation. OpenBEL is a trademark of OpenBEL Consortium. OpenDaylight is a trademark of OpenDaylight Project. Linux is a trademark of Linus Torvalds.
# # #