OpenSSL founder warns more support and funding needed to prevent another Heartbleed

Major users of OpenSSL need to flash cash to avoid more bugs


One of the founders of OpenSSL has slammed the industry for not giving the project more financial support in the wake of the Heartbleed disaster.

Steve Marquess, OpenSSL Software Foundation president, said in a blog post that OpenSSL needed money for half a dozen full-time employees rather than the one it currently has.

Donations have been coming into the OpenSSL Software Foundation after last week's discovery of a major flaw in OpenSSL, dubbed Heartbleed, but these have been mostly from individuals and only to the tune of $9,000.

OpenSSL is a critical part of the infrastructure of the internet and Marquess said that the project had "nowhere near enough to properly sustain the manpower levels needed to support such a complex and critical software product."

He castigated Fortune 1000 companies for using the software but not stumping up cash to support the product.

"The ones who include OpenSSL in your firewall/appliance/cloud/financial/security products that you sell for profit, and/or who use it to secure your internal infrastructure and communications," fumed Marquess.

"The ones who don't have to fund an in-house team of programmers to wrangle crypto code, and who then nag us for free consulting services when you can't figure out how to use it."

At present, the foundation relies on support contracts to fund work on the project. Annual contracts start at $20,000. Donations normally bring in around $2,000 a year as well.

Marquess said that at least six people needed to be working on the project, instead of the current sole employee, to be able to "concentrate on the care and feeding of OpenSSL without having to hustle commercial work".

"If you're a corporate or government decision maker in a position to do something about it, give it some thought. Please. I'm getting old and weary and I'd like to retire someday," he pleaded.
