Home News Featured Blogs Jim Zemlin Never Let a Good Crisis Go to Waste: Core Infrastructure Initiative

Never Let a Good Crisis Go to Waste: Core Infrastructure Initiative

Crisis is a difficult thing. In fact, by definition it means a difficult or dangerous situation that needs serious attention.  

Whether it’s an earthquake, multi-car pileup on the freeway or a massive Internet security bug, many times people’s first reaction is to ask: How could it have been prevented or detected earlier? As we finished patching our own servers at The Linux Foundation in the wake of the Heartbleed bug, we asked ourselves how we might be able to help prevent this from happening again. Is there a role we can play to help?

logo-ciiThat’s when we conceived the idea for the Core Infrastructure Initiative (announced last week), which for the first time offers a forum where companies and leading open source developers and industry experts can discuss the critical, shared infrastructure that we all depend on. This is not a corporate only effort. We will depend on the developers from the open source community and experts from their respective fields (security as one example) to inform and guide members on where funding is needed most. This is not unlike the neutral framework we’ve had in place for more than a decade to support Linux and that respects the community norms that make open source successful.

CII intends to support a variety of open source projects that will be identified by members and advisors. Heartbleed was the galvanizing force of the Core Infrastructure Initiative, but we want CII to change reactive responses to a proactive program to identify and fund key developers in essential open source projects. It’s also important for us all to face a harsh reality: security threats aren’t going away. These threats are a fact of life and all software is vulnerable, whether it’s open source or proprietary.

Can CII help minimize the risk of another “Heartbleed?” While security vulnerabilities in our ever more complex software environment are a fact of life, we absolutely hope that by bringing together companies such as Amazon, Cisco, Google, Facebook, Microsoft and more with the developers who work on critical pieces of our infrastructure that we can all help. The idea that open source just happens in someone’s basement is a myth. As the software has grown more complex, so has the need for full time developer support. CII will help identify and fund those projects that are critical to our modern computing fabric but that may be under-resourced.

Please join us in this work and support the developers who are building today’s most critical infrastructure. Anyone can donate to the Core Infrastructure Initiative at the following link:



Subscribe to Comments Feed
  • Peter N. M. Hansteen Said:

    I certainly hope that the Core Infrastructure Initiative will send some funding the OpenBSD project's way. The project develops and maintains a fine, modern Unix that also happens to be the native envirioment of OpenSSH (the SSH client everybody uses), OpenSMTPD (the newest contender for the MTA role), as well as a number of other much used and much-ported components and of course LibreSSL, the in-progress work to clean up the OpenSSL codebase and convert it into a maintainable basis for future development. The most useful way for the Core Infrastructure Initiative to contribute is via the OpenBSD Foundation (, the Canadian non-profit set up for the purpose. The foundation's web site contains links to various sub-projects.

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Linux Training / Board