For the last Monday in April, we have a few privacy and security bits and bytes to start your week.
Tech Heavy Hitters Fund Open-Source Project
By now, you are likely aware that the Heartbleed bug originated in a coding error in OpenSSL, an open-source Secure Sockets Layer program. Open source is good code in most respects, having been contributed to and tested by hundreds of experienced users. But therein lies the problem as well. There is no real QA. Code is contributed and usually uploaded on the fly, and bugs are reported by the user community, with fixes also contributed. The Washington Post reported that a group called the Core Infrastructure Initiative will pull together companies including Amazon, Cisco, Facebook, Google, IBM, Microsoft, Intel and others. Each company has agreed to pledge $100,000 per year over the next three years to fund this initiative to help prevent pervasive security vulnerabilities in the future.
In the interim: make sure you know what open-source code your developers are using and how that code can affect your end users and customers.