The Heartbleed flaw did a number on the blood pressure of many a developer and administrator. But out of every evil, heinous thing this nasty bug did, one thing arose from the ashes of the burned hearts of the OpenSSL developers — funding. That's right, the open-source version of SSL has been given a massive injection of funding from the likes of Google, Facebook, Amazon, Cisco, Dell, IBM, Intel, and (get this) Microsoft. In fact, a dozen tech firms have pledged over $3.6 million to underfunded open-source projects.
The funding comes in $300,000 increments over the next three years — each increment going to a different project. The first project to receive the funding? OpenSSL. The funding will be used to hire full-time programmers, each to focus entirely on the OpenSSL code.
Beyond the implications of the Heartbleed vulnerability, this move clearly indicates the corporate masses have finally recognized just how crucial open source is to business — not just on an internal level, but on a global level.
But this has been the case for years. Apache, Samba, OpenSSL — there are plenty of open-source projects that help to run systems and processes the world depends upon. It's a shame that it's taken such a nasty flaw to help some people realize just how important open source is to technology.
Over the years, I've seen many companies jump on and off the open-source bandwagon like it's a childhood game. They jump on, find there isn't as much profitability to be had, and jump back off. This time, however, things are different. These companies are now seeing they cannot fully function if open source is broken. It's in their best interest to ensure open-source projects like OpenSSL are secure and reliable — this means opening up their checkbooks and funding the projects.
What will come of this? I fully believe other projects are going to see a rise in interest and funding. The thing about open source is that so many work so hard for nothing. That work is often implemented into other, bigger, projects. The whole of the open-source community benefits from one another like no other system. And when one weak link exists, the whole is lessened. This doesn't mean I believe every open-source project should benefit from this type of funding. The developers of Gedit certainly aren't coding anything nearly as crucial to great goliath Capitalism as are those who work on OpenSSL. But there certainly exists a collection of open-source projects that should be funded, either by corporate conglomerates or government entities:
- Linux (kernel)
As much as I would like to insert a distribution in there, that's a tough call. Ubuntu is probably the most widely used distribution (though DistroWatch would give that title to Mint). Ubuntu, however, is already funded by Canonical. If I were going to place a distribution on this list, it would be Debian. Why? Debian is the rock on which Ubuntu is built, and Ubuntu is the platform on which others (like Mint) are crafted.
Although the masses do not yet understand just how key open source is to the very foundation of the services they use, they will. Heartbleed perfectly illustrates just how widespread open source is — and the role it plays in making all of the pieces come together to drive technology. Of this, there is no denying. In fact, it's become nearly impossible to deny the role open source now plays and will play in the "internet of nearly every single thing." The new world order is driven by open source.
What do you think? Are these companies spot on for funding open source? Will more funding pop up to help drive open-source projects forward? Or do you think this is nothing more than a hiccup that will fade when the fear of Heartbleed vanishes from the radar?
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.