Tech Giants Pledge $3.6M to Help Fund OpenSSL Following Heartbleed Bug

A group of 12 technology companies including Intel, IBM, Facebook and Google have pledged $3.6 million (£2.1m) to help maintain under-funded open source software projects which are "essential to the global computing infrastructure" with OpenSSL - the software which caused the huge Heartbleed Bug - the first to receive funding.

The full list of companies is Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, and VMware, all of whom have pledged to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative.

The announcement of the support comes after a couple of weeks when system administrators have been rushing to patch a vulnerable version of the OpenSSL library which caused what became known as the Heartbleed Bug and left millions of web users vulnerable to attack - potentially leaving sensitive information like passwords and credit card details open to attack.

Last week the president of the OpenSSL Software Foundation (OSF) made a plea for greater support from governments and companies to help prevent another serious security flaw like Heartbleed.

OSF president Steve Marquess noted that he is the only full time employee at the foundation, with the only other help coming from people working out of a sense of "responsibility and pride". Marquess said in a typical year OpenSSL gets just $2,000 in donations.

While open source software typically has much less resources than commercial software, many and very much under-funded and OpenSSL is seen as the poor relation even by open-source standards.

Linux Foundation

Possibly the best-funded open source project is Linux and its foundation is now trying to use its power to help OpenSSL and other similar projects. It decided to approach companies to try and raise funding for .

"Before I could even get my last word out most folks were like, 'absolutely,'" Jim Zemlin, Linux Foundation Executive Director told Ars Technica. "We should have done this three years ago to be honest."

The Initiative's website is now live and says the funds will be administered by a wide variety of interested parties:

"Inspired by the Heartbleed OpenSSL crisis, The Initiative's funds will be administered by the Linux Foundation and a steering group comprised of backers of the project as well as key open source developers and other industry stakeholders."

The group also said it expects more companies to join the initiative in the coming weeks.

No other open source projects have been earmarked for support outside of OpenSSL, but the Initiative has said it will focus on "open source projects that are essential to global computing infrastructure."