OpenSSL founder warns more support and funding needed to prevent another Heartbleed

Major users of OpenSSL need to flash cash to avoid more bugs


One of the founders of OpenSSL has slammed the industry for not giving the project more financial support in the wake of the Heartbleed disaster.

Steve Marquess, OpenSSL Software Foundation president, said in a blog post that OpenSSL needed money for half a dozen full-time employees rather than the one it currently has.

Donations have been coming into the OpenSSL Software Foundation after last week's discovery of a major flaw in OpenSSL, dubbed Heartbleed, but these have been mostly from individuals and only to the tune of $9,000.

The ones who have never lifted a finger to contribute to the open source community that gave you this gift. You know who you are.

OpenSSL is a critical part of the infrastructure of the internet and Marquess said that the project had "nowhere near enough to properly sustain the manpower levels needed to support such a complex and critical software product."

He castigated Fortune 1000 companies for using the software but not stumping up cash to support the product.

"The ones who include OpenSSL in your firewall/appliance/cloud/financial/security products that you sell for profit, and/or who use it to secure your internal infrastructure and communications," fumed Marquess.

"The ones who don't have to fund an in-house team of programmers to wrangle crypto code, and who then nag us for free consulting services when you can't figure out how to use it."

At present, the foundation relies on support contracts to fund work on the project. Annual contracts start at $20,000. Donations also bring in around $2,000 a year normally.

Marquess said that at least six people needed to be working on the project, instead of the current sole employee, to be able to "concentrate on the care and feeding of OpenSSL without having to hustle commercial work".

"If you're a corporate or government decision maker in a position to do something about it, give it some thought. Please. I'm getting old and weary and I'd like to retire someday," he pleaded.
