Core Infrastructure Initiative
| Core Infrastructure Initiative | |
|---|---|
 |
|
| Mission statement | "To fund open source projects that are in the critical path for core computing functions." |
| Commercial? | No |
| Founder | Jim Zemlin |
| Established | 24 April 2014 |
| Funding | By donations |
| Website | www |
The Core Infrastructure Initiative (CII) is a project of the Linux Foundation to fund and support free and open-source software projects that are critical to the functioning of the Internet and other major information systems. The project was announced on 24 April 2014 in the wake of Heartbleed, a critical security bug in OpenSSL that is used on millions of websites.
OpenSSL is also among the first software projects to be funded by the initiative after it was deemed underfunded, receiving only about $2,000 per year in donations. The initiative will sponsor two full-time OpenSSL core developers. In September 2014, the Initiative offered assistance to Chet Ramey, the maintainer of bash, after the Shellshock vulnerability was discovered.
OpenSSL is an open-source implementation of Transport Layer Security (TLS), allowing anyone to inspect its source code. It is, for example, used by smartphones running the Android operating system and some Wi-Fi routers, and by organizations including Amazon.com, Facebook, Netflix, Yahoo!, the United States of America's Federal Bureau of Investigation and the Canada Revenue Agency.
On 7 April 2014, OpenSSL's Heartbleed bug was publicly disclosed and fixed. The vulnerability, which had been shipped in OpenSSL's current version for more than two years, made it possible for hackers to retrieve information such as usernames, passwords and credit card numbers from supposedly secure transactions. At that time, roughly 17% (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack.
...
Wikipedia