Linux Foundation: The internet is crumbling

Foundation says poorly paid open source developers are struggling to maintain web

The open source infrastructure of the internet is crumbling because of poor maintenance, the Linux Foundation warned today.

Likening open source to the "roads and bridges of the internet", Linux Foundation CTO Nicko van Someren said that underpaid developers are struggling to patch dangerous bugs and keep the open aspects of the web up to date.

Speaking at Cloud Expo Europe, van Someren told delegates: "These pieces of software that form the roads and bridges of the internet are actually quite old pieces of infrastructure and they're not necessarily being looked at by that many people.

"Our bridges and roads are crumbling because we are not spending enough time and effort and money looking after these pieces of infrastructure."

One example he gave was the developers maintaining cryptographic tool OpenSSL receiving just $2,000 in donations in 2014, which the OpenSSL Software Foundation has derided as "nowhere near enough" to pay for people to look after code properly.

Until recently, van Someren added, NTP engineers could expect to earn just $25,000 a year.

Such underinvestment has allowed damaging bugs like Poodle, Bash and Heartbleed to proliferate, the CTO warned.

"We've got this great community of people building these things but then once they're built they often sit there and they crumble and there's nobody to do the maintenance work on," he said.

Heartbleed, which targeted a flaw in OpenSSL, became a "wake-up call" for open source engineers, van Someren argued, leading the Linux Foundation to launch the Core Infrastructure Initiative in response.

"We said we've got to do something about this'," he told delegates. With 20 leading tech giants like Google signed up, the CII seeks to work collaboratively to tackle open source bugs, with plans to sign up non-tech firms like banks and public bodies who also rely on open source software.

The Linux Foundation has also identified four key schemes it wants to address outside of the CII. The first is to identify open source projects at risk of crumbling.

"We have engaged in a census project to locate open source projects and try to identify the ones at risk. Identifying the code that is complex, whether it's well-maintained, whether it has people maintaining it, whether the projects are responsive to security vulnerabilities that are reported to them, whether they have a threat model in place, documentation about how they handle their security process," van Someren said.

The second is a badge programme the Linux Foundation plans to introduce to certify open source projects as secure, while the third will see the foundation try to educate developers in the value of abiding by more secure practices when putting together their code.

Lastly, the Linux Foundation will build "shared tools and resources that we can make available to developers for free", said van Someren.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

7 May 2021
Hackers used SonicWall zero-day flaw to plant ransomware
ransomware

Hackers used SonicWall zero-day flaw to plant ransomware

30 Apr 2021
Botnet targets vulnerable Microsoft Exchange servers
botnets

Botnet targets vulnerable Microsoft Exchange servers

23 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021