The world’s biggest technology companies have agreed to donate millions of dollars to set up a group that will fund improvements in open source programs like OpenSSL, the software whose “Heartbleed” bug has sent the computer industry into turmoil.
Amazon, Cisco Systems, Facebook, Google, IBM, Intel and Microsoft are among a dozen companies that have agreed to be founders of the group, known as Core Infrastructure Initiative. Each will donate $300,000 to the venture.
The non-profit Linux Foundation announced formation of the group on Thursday.
It will support development of open source software that makes up critical parts of the world’s technology infrastructure, but whose developers do not necessarily have adequate funding to support their work, said Jim Zemlin, executive director of the Linux Foundation.
The Heartbleed bug allows malicious attackers to request small streams of unencrypted data from Web servers and other Internet-connected devices running a particular version of the OpenSSL security framework. The data could potentially include passwords, bank details, private messages, and even entire encryption keys. Up to three quarters of the world’s major Web services have been affected, including Yahoo, Google, Dropbox, and Blackberry Messenger. In addition, a huge number of smartphones, infrastructure devices, and personal gadgets have also been found to be vulnerable.
Earlier this week, Apple released a firmware update for two router models, the AirPort Extreme and AirPort Time Capsule, to patch a vulnerability to the Heartbleed bug. Both products were refreshed in 2013 with 802.11ac Wi-Fi capability. The older AirPort Express and other discontinued models do not require the patch.
Apple had claimed earlier that none of its products or services are affected by the Heartbleed bug. It isn’t known whether the company was aware of the potential fault in its AirPort products at that time.
Written with inputs from Reuters
