OpenSSL Chief Warns More Support Needed to Prevent Another Heartbleed Bug
The president of the OpenSSL Software Foundation (OSF) has made a plea for greater support from governments and companies to help prevent another serious security flaw like that of the Heartbleed Bug.
In a blogpost, OSF president Steve Marquess noted that he is the only full time employee at the foundation, with the only other help coming from people working out of a sense of "responsibility and pride".
OpenSSL is used all over the web and has become a fundamental part of the modern infrastructure of the internet. Banks, firewalls, weapons systems, smartphones, commercial and government websites all use it and, according to Marquess, take it for granted.
It took the discovery of a massive security loophole in OpenSSL, dubbed Heartbleed, for the open source software and its operational methods to receive widespread public attention.
OpenSSL investment a 'no-brainer'
Despite receiving some limited financial support from the US Department of Defence (DoD), the OSF has never received more than $1 million (£597,000) in annual revenue.
"I know OpenSSL is very widely used throughout DoD, both directly and as repackaged by commercial vendors. Given the bazillions of dollars in DoD funding you'd think an investment in OpenSSL would be a no-brainer."
In order to address this, Marquess has called for support from governments and companies to provide the finance and resources needed to fund at least six full time members of staff.
"If you're a corporate or government decision maker in a position to do something about it, give it some thought," Marquess concluded. "Please. I'm getting old and weary and I'd like to retire someday.
"The mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn't happened more often."
© Copyright IBTimes 2024. All rights reserved.