Google, Facebook and Microsoft Investing Big to Stop the Next Heartbleed Bug


Following the unnerving discovery of the Heartbleed bug in recent weeks, the Internet at large has been pondering solutions to better prevent the next bug of this nature from cropping up – or at least, limiting its effectiveness.

Leading a new charge called the Core Infrastructure Initiative is The Linux Foundation, a group formed to invest in the security of the Internet – and more specifically, the software that runs within it. This group has members, the likes of which include Google, Microsoft, Facebook, Intel and Fujitsu.

Each company is committed to donating at least $100,000 per year over the next 3 years, which, with 12 companies on board, would accumulate to about $3.6 million in funding. This cash would cover research costs as the project persists.

The CII will be put in place, obviously, to keep a close eye on OpenSSL and any other potential holes it might have that need plugging, but also other items that are on the “to watch” list. ModSSL, PGP, and OpenCryptolab are all potential candidates to study further, as all are in-place on sites across the Internet.

Executive director of The Linux Foundation, Jim Zemlin, made it clear to The Verge that, following Heartbleed’s discovery, some big changes needed to take place to secure the protected accessibility of the web.

“After we’re done updating our software and swapping our certificates, what can we learn? What can be done differently,” he proposes.

“Obviously, in retrospect, I wish we had done this a long time ago.”