After Heartbleed, OpenSSL Calls for More Support

The president of the OpenSSL Foundation said the organization needs more support from companies and governments that use its software so that it can be better equipped to spot and fix flawed pieces of code such as the Heartbleed bug.

The OpenSSL Foundation handles the finances required to support OpenSSL, a piece of software used by countless websites to secure user data. Recently, researchers discovered a flaw in OpenSSL named the Heartbleed bug, which made it possible for hackers to discreetly steal information from websites for about two years.

Since the bug's discovery, the OpenSSL Foundation has received hundreds of donations from individuals, but it is not enough, wrote Steve Marquess, the organization's president, in an online note.

"While OpenSSL does 'belong to the people' it is neither realistic nor appropriate to expect that a few hundred, or even a few thousand, individuals provide all the financial support," Marquess wrote. "The ones who should be contributing real resources are the commercial companies and governments who use OpenSSL extensively and take it for granted."

OpenSSL is used by two thirds of the world's Web servers. That means numerous businesses and government organizations, including the United States, use OpenSSL to secure their websites.

Marquess said the organization takes in about $2,000 a year in donations and receives the rest of its funds from support contracts, in which part-time staffers will work with specific clients to resolve their issues. It has never taken in more than $1 million in annual revenue.

OpenSSL only employs one full-time staffer, but Marquess said the organization should have at least six full-time staffers if it is expected to protect so many websites and services.

"If you're a corporate or government decision maker in a position to do something about it, give it some thought," he wrote.

Comments are closed.