How the Rise of Open Source Could Improve Software Security


One of Jim Zemlin’s top priorities for 2015 is security. As executive director of the Linux Foundation, his purview extends beyond Linux to Cloud Foundry, OpenDaylight, Tizen, Xen, and many more — including the Core Infrastructure Initiative that was formed in response to the hellacious Heartbleed vulnerability in OpenSSL discovered last year. The hourlong conversation I had with Zemlin last week began and ended with discussing that initiative.

We all know the Heartbleed saga: The flaw stood unaddressed for two years until Neel Mehta of Google Security found it in March. A patch was made available almost immediately. But tracking down and patching all those OpenSSL instances took months, and over time evidence surfaced of breaches related to the flaw, including one at Community Health Services that reportedly affected 4.5 million people.

