OpenSSL founder warns more support and funding needed to prevent another Heartbleed
Major users of OpenSSL need to flash cash to avoid more bugs
One of the founders of OpenSSL has slammed the industry for not giving the project more financial support in the wake of the Heartbleed disaster.
Steve Marquess, OpenSSL Software Foundation president said in a blog post that the OpenSSL needed money for half a dozen full-time employees rather than the one it has currently.
Donations have been coming into the OpenSSL Software Foundation after last week's discovery of a major flaw in OpenSSL, dubbed Heartbleed, but these have been mostly from individuals and only to the tune of $9,000.
OpenSSL is a critical part of the infrastructure of the internet and Marquess said that the project had "nowhere near enough to properly sustain the manpower levels needed to support such a complex and critical software product."
He castigated Fortune 1000 companies for using the software but not stumping up cash to support the product.
"The ones who include OpenSSL in your firewall/appliance/cloud/financial/security products that you sell for profit, and/or who use it to secure your internal infrastructure and communications," fumed Marquess.
"The ones who don't have to fund an in-house team of programmers to wrangle crypto code, and who then nag us for free consulting services when you can't figure out how to use it."
At present, the foundation relies on support contracts to fund work on the project. Annual contracts start at $20,000. Donations also bring in around $2,000 a year normally.
Marquess said that at least six people needed to be working on the project, instead of the current sole employee, to be able to "concentrate on the care and feeding of OpenSSL without having to hustle commercial work".
"If you're a corporate or government decision maker in a position to do something about it, give it some thought. Please. I'm getting old and weary and I'd like to retire someday," he pleaded.
2021 Thales cloud security study
The challenges of cloud data protection and access management in a hybrid and multi cloud worldFree download
IDC agility assessment
The competitive advantage in adaptabilityFree Download
Digital transformation insights from CIOs for CIOs
Transformation pilotes, co-pilots, and engineersFree download
What ITDMs did next - and what they should be doing now
Enable continued collaboration and communication for hybrid workers