Linux Foundation: The ‘Golden Age of Open-Source’ under Threat by Security Challenges

The Core Infrastructure Initiative (CII) is making plans to make the internet safer, according to Jim Zemlin, executive director of the Linux Foundation, who also spoke about the challenges facing open source technology.

Even Linux isn’t immune from the threats posed by threat operators and zero-day vulnerabilities. For instance, the Heartbleed bug that affected OpenSSL, an SSL vulnerability named POODLE and the Shellshock vulnerability in Bash have all affected corporations and open-source institutions, leading to the creation of the CII. The Core Infrastructure Initiative is a Linux Foundation initiative striving to improve open source security.

The likes of Adobe, Microsoft, Intel, IBM, Google, Facebook, Dell, Amazon and Cisco financially back CII.

Speaking at the IP Expo in London, Zemlin pointed to the support received from the biggest companies in the tech industry as proof that this is the “golden age” of open source, according to TechWeekEurope.

“Everyone is talking about how to leverage open source. It’s simply a better, faster, cheaper way to innovate.”

A real example is the fact that nearly 80% of the technology in a Tesla automobile is open-source.

“Almost the entirety of the internet is entirely reliant on open source software,” he continued. “We’ve reached a golden age of open source. Virtually every technology and product and service is created using open source.”

The Threats and Challenges Facing Security

Zemlin added that the Heartbleed bug has shown that open-source devices and technology are vulnerable just like any other technology.

“Heartbleed literally broke the security of the Internet,” he said. “Over a long period, whether we knew it or not, we became dependent on open source for the security and integrity of the internet.”

A distinct lack of financial support is a big reason why the peer review process missed the vulnerabilities. To drive home the point, he noted that OpenSSL received less than $2,000 a year in donations before Heartbleed struck.

“It’s completely out of proportion to the attention these projects play in society and the Internet,” added Zemlin. “OpenSSL for a long period of time was essentially maintained by two guys named Steve. Think about that.”

It was in the aftermath of Heartbleed that many technology firms, including the big hitters listed above, realized that the open source community had to be embraced.