In an effort to stop the next Heartbleed, a group of tech giants have joined forces to fund critical open source projects.
The Core Infrastructure Initiative's first task will be OpenSSL, which fell prey to Heartbleed and caused panic across the Web. Essentially, organisation members - which include Facebook, Microsoft, and Google - will invest in open-source projects to make sure they get off the ground and are as secure as possible.
"We are expanding the work we already do for the Linux kernel to other projects that may need support," Jim Zemlin, executive director of The Linux Foundation, which started the initiative, said in a statement. "We are thankful for these industry leaders' commitment to ensuring the continued growth and reliability of critical open source projects."
Other backers include Amazon Web Services (AWS), Cisco, Dell, Fujitsu, IBM, Intel, NetApp, Rackspace, and VMware.
"Open source software makes today's computing infrastructure possible," said Facebook engineering director Doug Beaver. "This initiative will help ensure that these core components of Internet infrastructure get the assistance they need to respond to new threats and to reach new levels of scale."
According to The Linux Foundation, the OpenSSL project has recently received about $2,000 (£1,190) per year in donations. But the Core Infrastructure Initiative wants to change typical funding requests from "the reactive post-crisis asks of today" to proactive reviews to identify the most important needs before another Heartbleed bug emerges.
"Security is an industry-wide concern requiring industry-wide collaboration," Steve Lipner, partner director of software security at Microsoft, said in a statement.
VMware's senior vice president of Cloud Infrastructure, Ray O'Farrell, agreed, saying that the new model of computing "involves a set of choices for customers—on premise, off premise, hybrid—and we must ensure the safety and security across all of those environments."
Tech titans aren't the only ones who can fund open source; the initiative is accepting donations on its website and firms interested in joining can inquire there, too.
Heartbleed, meanwhile, was uncovered by a team of researchers from Google Security and Codenomicon. The OpenSSL weakness left encrypted data supposedly protected by the cryptographic software library open to scammers.
Many companies have already patched the flaw, but some not soon enough: A 19-year-old Canadian was arrested last week for his alleged role in the breach of the Canada Revenue Agency (CRA) website, the first known apprehension for exploiting the Heartbleed bug.