As of late, chief information officers and their tech teams have been rushing to secure an array of their hardware that may have been comprised due to the Heartbleed bug. While most IT professionals are attempting to deal with the aftermath stemming from the discovery of this OpenSSL glitch, other experts from some of the most prestigious tech companies throughout the world are taking extra precautions.
These big league professionals have recognized that it is not enough to find remedies to patch up the chinks in their data security armor caused by Heartbleed. For this reason, they are coming together to pin down strategies to be proactive and prevent future instances in which their departments blindly accepting openly sourced solutions that may have programming mistakes. Ultimately, these IT professionals plan to heighten their vigilance, taking steps to avoid detrimental consequences resulting from similar bugs that could come along and put their operations in jeopardy.
Organizations became too trusting
According to NPR, a number of tech giants are collaborating, joining their funds and brain power so they can ensure that codes developed via open sourcing are kept secure and that tech teams do not rely too heavily on these resources so that problems can be contained to a limited number of solutions. For the most part, a major reason as to why Heartbleed had such an expansive and severe effect on the IT community was that professionals were too lax about OpenSSL, adopting codes with full yet unfound confidence.
“I think we got a little too comfortable as a community of software developers, and we shouldn’t be,” said Chris DiBona, director of open source at Google, according to NPR. “We should really pay way more attention to the quality of our security software and of these core bits.”
There is no denying that offering free codes to companies has its share of benefits. Numerous companies, including those with notable names, have implemented these solutions throughout their processes, using this coding to encrypt online data. Because IT professionals at these firms were under the impression that this encryption would keep their sensitive information safe, they never considered the possibility that the code itself could be flawed. Rather than investing resources in maintaining and protecting these open-source programs, tech giants like Google relied on this complimentary software without even thinking about the potential problems that could arise from flawed programming.
Companies unite to confront problem
To combat the current Heartbleed concerns and prevent additional problems further down the line, the Linux Foundation’s executive director Jim Zemlin decided to gather forces throughout the IT community and unite the most recognizable firm, CNET reported. The major companies coming together to tackle this dilemma straight on include Facebook, Intel and Google, of course. That being said, the group keeps on growing, which has generated ample buzz about this bold effort.
Zemlin has named this movement as the Core Infrastructure Initiative, and it is going down on a global scale. The more tech giants that band together, the higher the likelihood of someone spotting an issue before it can generate any repercussions.
“The concept that ‘more eyeballs make bugs more shallow’ I don’t think is wrong,” explained Zemlin, as quoted by CNET. “The idea is that we want to facilitate faster idea sharing. This has been somewhat proven by the Linux model.”
After pinpointing problems, IT professionals from these companies aim to isolate the issues and fix them before they can affect any portions of their programs, leaving gaps through which hackers can obtain confidential data. Teams of skilled experts will, ”try to root out these problems before they become problems of the scale of Heartbleed and other holes that are probably lurking out there in the software we all depend on,” Zemlin stated.
As CIOs can imagine, all of this requires resources in terms of monitoring and maintaining open-source software. This means that a generous amount of money will have to be invested to support this endeavor. The Linux leader has taken this into consideration as well, asking each participating company to pledge funds every year.
“Each of the companies is contributing $100,000 per year, with a minimum three-year commitment,” Zemlin stated, according to NPR. “So it’s a long-term commitment – at least long term in technology scale.”