
Tech Giants Pony Up Cash To Help Prevent Another Heartbleed

Google is among several companies putting money into a fund to help safeguard the Internet from possible security flaws in open-source software.
Marcio Jose Sanchez / AP

Google, Intel, Facebook and many other tech giants are pooling their money together — for the first time — to fix a glaring hole in cybersecurity. They're launching a multimillion-dollar fund to protect open-source code — the code that anyone can use for free, and that often gets overused and underprotected.

The recent Heartbleed bug crisis was a wake-up call to tech companies, and this new fund is an admission of guilt.

"I think we got a little too comfortable as a community of software developers, and we shouldn't be," says Chris DiBona, director of open source at Google. "We should really pay way more attention to the quality of our security software and of these core bits."

Open-source software is core to the business of many high-tech firms. But for years, they've been using it for free. OpenSSL — the code that got hit by the Heartbleed bug — is used by the majority of websites to send encrypted data safely between users and servers. But Google and others had put zero dollars into the maintenance and upkeep of the software.

The goal now, DiBona says, is to come together "and try to root out these problems before they become problems of the scale of Heartbleed and other holes that are probably lurking out there in the software we all depend on."

Open source is getting more popular, and companies are seeing that when software gets reviewed and edited by many eyeballs, it can be a lot stronger than private, proprietary code.

One of the best-funded open-source projects is Linux. Jim Zemlin, executive director of the Linux Foundation, put in the phone calls to make this new fund happen.

"It was inspired by Winston Churchill, who said, 'Never let a good crisis go to waste,' " Zemlin says.

This pledge of relief money is kind of like when nation-states get together after a tsunami or hurricane and each puts in a little bit.

"Each of the companies is contributing $100,000 per year, with a minimum three-year commitment," Zemlin says. "So it's a long-term commitment — at least long term in technology scale."

Zemlin says the foundation will make sure the money goes to the collective good, and not just one company's bottom line.

Copyright 2020 KQED. To see more, visit KQED.

Aarti Shahani is a correspondent for NPR. Based in Silicon Valley, she covers the biggest companies on earth. She is also an author. Her first book, Here We Are: American Dreams, American Nightmares (out Oct. 1, 2019), is about the extreme ups and downs her family encountered as immigrants in the U.S. Before journalism, Shahani was a community organizer in her native New York City, helping prisoners and families facing deportation. Even if it looks like she keeps changing careers, she's always doing the same thing: telling stories that matter.