Just a few weeks ago, the Linux Foundation rounded vendors to fund work to improve and secure the OpenSSL open-source security project. On Thursday, it announced the first concrete steps to do that work.
Specifically, the foundation's Core Infrastructure Initiative (CII) said it will pay for two developers to work on the OpenSSL project and for an audit of the technology to be conducted by the Open Crypto Audit Project.
The CCI also added new members -- Adobe(s adbe), Bloomberg, HP(s hpq), Huawei and Salesforce.com(s crm)-- who will join Amazon(s amzn) Web Services, Cisco(s csco), Dell, Facebook(s fb), Fujitsu, Google(s goog), IBM(s ibm), Intel(s intc), Microsoft(s msft), NetApp(s ntap), Rackspace(s rax), VMware(s vmw) and the Foundation -- in this effort.
The OpenSSL Project is also accepting additional donations
Nearly everyone agrees that OpenSSL does important work that many vendors use in their software and services. But very fewof htem ponied up money to fund that work, a sore point that surfaced after the Heartbleed vulnerability fiasco surfaced in early April.
Each company ponies up $100,000 per year for a minimum of three years so the total investment now stands at $4 million spread over that period.
The CCI said it will also devote resources to the Network Time Protocol for clock synchronization between systems and OpenSSH for encrypted communications.