OpenSSL founder warns more support and funding needed to prevent another Heartbleed


One of the founders of OpenSSL has slammed the industry for not giving the project more financial support in the wake of the Heartbleed disaster.

Steve Marquess, OpenSSL Software Foundation president said in a blog post that the OpenSSL needed money for half a dozen full-time employees rather than the one it has currently.

Donations have been coming into the OpenSSL Software Foundation after last week's discovery of a major flaw in OpenSSL, dubbed Heartbleed, but these have been mostly from individuals and only to the tune of $9,000.

The ones who have never lifted a finger to contribute to the open source community that gave you this gift. You know who you are.

OpenSSL is a critical part of the infrastructure of the internet and Marquess said that the project had "nowhere near enough to properly sustain the manpower levels needed to support such a complex and critical software product."

He castigated Fortune 1000 companies for using the software but not stumping up cash to support the product.

"The ones who include OpenSSL in your firewall/appliance/cloud/financial/security products that you sell for profit, and/or who use it to secure your internal infrastructure and communications," fumed Marquess.

"The ones who don't have to fund an in-house team of programmers to wrangle crypto code, and who then nag us for free consulting services when you can't figure out how to use it."

At present, the foundation relies on support contracts to fund work on the project. Annual contracts start at $20,000. Donations also bring in around $2,000 a year normally.

Marquess said that at least six people needed to be working on the project, instead of the current sole employee, to be able to "concentrate on the care and feeding of OpenSSL without having to hustle commercial work".

"If you're a corporate or government decision maker in a position to do something about it, give it some thought. Please. I'm getting old and weary and I'd like to retire someday," he pleaded.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.