Linux Foundation: The internet is crumbling

Foundation says poorly paid open source developers are struggling to maintain web

The open source infrastructure of the internet is crumbling because of poor maintenance, the Linux Foundation warned today.

Likening open source to the "roads and bridges of the internet", Linux Foundation CTO Nicko van Someren said that underpaid developers are struggling to patch dangerous bugs and keep the open aspects of the web up to date.

Speaking at Cloud Expo Europe, van Someren told delegates: "These pieces of software that form the roads and bridges of the internet are actually quite old pieces of infrastructure and they're not necessarily being looked at by that many people.

"Our bridges and roads are crumbling because we are not spending enough time and effort and money looking after these pieces of infrastructure."

One example he gave was the developers maintaining cryptographic tool OpenSSL receiving just $2,000 in donations in 2014, which the OpenSSL Software Foundation has derided as "nowhere near enough" to pay for people to look after code properly.

Until recently, van Someren added, NTP engineers could expect to earn just $25,000 a year.

Such underinvestment has allowed damaging bugs like Poodle, Bash and Heartbleed to proliferate, the CTO warned.

"We've got this great community of people building these things but then once they're built they often sit there and they crumble and there's nobody to do the maintenance work on," he said.

Heartbleed, which targeted a flaw in OpenSSL, became a "wake-up call" for open source engineers, van Someren argued, leading the Linux Foundation to launch the Core Infrastructure Initiative in response.

"We said we've got to do something about this'," he told delegates. With 20 leading tech giants like Google signed up, the CII seeks to work collaboratively to tackle open source bugs, with plans to sign up non-tech firms like banks and public bodies who also rely on open source software.

The Linux Foundation has also identified four key schemes it wants to address outside of the CII. The first is to identify open source projects at risk of crumbling.

"We have engaged in a census project to locate open source projects and try to identify the ones at risk. Identifying the code that is complex, whether it's well-maintained, whether it has people maintaining it, whether the projects are responsive to security vulnerabilities that are reported to them, whether they have a threat model in place, documentation about how they handle their security process," van Someren said.

The second is a badge programme the Linux Foundation plans to introduce to certify open source projects as secure, while the third will see the foundation try to educate developers in the value of abiding by more secure practices when putting together their code.

Lastly, the Linux Foundation will build "shared tools and resources that we can make available to developers for free", said van Someren.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Vulnerability in Linux kernel could let hackers remotely take over systems
operating systems

Vulnerability in Linux kernel could let hackers remotely take over systems

5 Nov 2021
Red Hat launches Enterprise Linux 9 beta
Linux

Red Hat launches Enterprise Linux 9 beta

3 Nov 2021
Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Solving cyber security's diversity problem
Careers & training

Solving cyber security's diversity problem

5 Jan 2022