The Wall Street Journal recently reported that the Core Infrastructure Initiative, a group formed last year after the Heartbleed bug targeted vulnerabilities in OpenSSL encryption software, has invested $500,000 in three new projects aimed at improving the security of open source code. Participants in the Core Infrastructure Initiative include large corporations such as Microsoft, Facebook, and Cisco Systems; it is managed by the nonprofit Linux Foundation. This collaboration demonstrates a desire from both the open source community and technology leaders to preserve free and open standards while continuing to make security a top priority.
The three projects receiving support from this investment include a testing method that finds security vulnerabilities in software like OpenSSL; a tool that makes sure the software end users receive has not been tampered with; and testing tools that ensure the accuracy of software bug reporting. Combined, these three projects can help further security improvements in open source software, allowing developers to continue to employ open source standards and end-users to enjoy the benefits open source has to offer while limiting security vulnerabilities.
In the wake of recent cyber attacks and security breaches, many business leaders and proprietary software developers have expressed reservations about the security and safety of open source software. Nevertheless, open source has been gaining steady ground and investments of money and resources make it clear that the open source community and its supporters are committed to improving open source security measures.
Open source code is available to be studied, examined, thoroughly tested, and modified. While some may see this as a liability, it also represents a great strength. Various factors make open source software a secure choice:
- A wealth of technology knowledge: Open source, by its very nature, invites the best and brightest technology experts to participate fully in testing, modifying, viewing, and debugging code. Because experts can work in community to ensure the software stays secure from development through delivery to the end user, open source benefits from collaboration between individuals with a variety of skill sets and areas of expertise.
- Dedication to improving security: The open source community has the ability to learn from past breaches and directly use that information to make future offerings more secure, as evidenced by the exciting projects currently underway aimed at improving open source security.
- Ability to resolve breaches through patching: If vulnerability is identified in open source software, it can be remedied quickly, often immediately. This process is quicker than if users have to wait for a proprietary software vendor to find the issue and release a patch, and it can minimize damage and losses in the event of a breach. In this way, open source software can adapt quickly to increasing and changing security threats to become safer over time.
As investment and innovation in open source security increases, open source has the potential to become safer and more secure than ever before, making it more desirable for companies that are concerned about today’s changing threat landscape.