Copyright ©2014 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

MELISSA BLOCK, HOST:

And now to the issue of cyber security. Google, Intel, Facebook and many other tech giants are pooling their money together, for the first time, to fix a glaring hole. Today, they're launching a new multimillion-dollar fund to protect open source code. It's the code that anyone can use for free and that often gets overused and under-protected.

From member station KQED in San Francisco, Aarti Shahani has this report.

AARTI SHAHANI, BYLINE: A recent crisis known as the Heartbleed bug was a wake-up call to tech companies. And this new fund is an admission of guilt.

CHRIS DIBONA: I think we got a little too comfortable as a community of software developers. And we shouldn't be.

SHAHANI: Chris DiBona is director of open source at Google.

DIBONA: We should really pay way more attention to the quality of our security software and of these core bits.

SHAHANI: Open source software is core to the business of many high-tech firms. But for years and years, they've been using it for free. Take OpenSSL, the code that got hit by the Heartbleed bug. The majority of websites, from the Fortune 500s to the moms-and-pops, use OpenSSL to send encrypted data safely between users and servers. But Google and others put zero dollars into the maintenance and upkeep of the software. The goal now is to come together...

DIBONA: And try to root out these problems before they become problems of the scale of Heartbleed, and other holes that are probably lurking out there in the software we all depend on.

SHAHANI: Open source is getting more popular. And companies are seeing that when software gets reviewed and edited by many eyeballs, it can be a lot stronger than private, proprietary code. One of the best-funded open source projects in the world is Linux. Jim Zemlin is the executive director of the Linux Foundation, and he put in the phone calls to make this new fund happen.

JIM ZEMLIN: It was inspired by Winston Churchill, who said: Never let a good crisis go to waste.

SHAHANI: This pledge of relief money is kind of like when nation-states get together after a tsunami or hurricane and each puts in a little bit.

ZEMLIN: Each of the companies is contributing $100,000 per year, with a minimum three-year commitment, so it's a long-term commitment, at least long term in technology scale.

SHAHANI: Zemlin says the foundation will make sure the money goes to the collective good and not just one company's bottom line. For NPR News, I'm Aarti Shahani in San Francisco.

Copyright © 2014 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.