With the recent documentation and exploitation of the “Heartbleed” computer security bug a new light has been shed on the backbone of digital world. Many of the largest companies in the world rely on software developed as an open source project dedicated to the common good. The downside to this model is that without proper funding things like “Heartbleed” can occur. This should be a wake-up call that companies (and Governments) should take a look at their critical infrastructure and make sure to allocate resources to the core pieces.
“Dan Kaminsky, a security researcher who saved the Internet from a similarly fundamental flaw back in 2008, says that Heartbleed shows that it’s time to get “serious about figuring out what software has become Critical Infrastructure to the global economy, and dedicating genuine resources to supporting that code.”
Below is just an example of how the impact of resource allocations will affect the digital future.
“The sad truth is that open source software — which underpins vast swathes of the net — has a serious sustainability problem. While well-known projects such as Linux, Mozilla, and the Apache web server enjoy hundreds of millions of dollars of funding, there are many other important projects that just don’t have the necessary money — or people — behind them. Mozilla, maker of the Firefox browser, reported revenues of more than $300 million in 2012. But the OpenSSL Software Foundation, which raises money for the project’s software development, has never raised more than $1 million in a year; its developers have never all been in the same room. And it’s just one example.”
Essentially we need to prioritize and support those efforts that keep the digital age blinking. Computer systems today are comprised of hundreds, thousands or even millions of lines of code and with all the complexity comes in the increased risk for compromise. All it take as in this case is an unknown error passes scrutiny and sits idol until someone nefarious decides to exploit it and use it compromise computer systems and devices. I add devices because this does not just stop at the enterprise level software or consumer desktops, but also the millions of smart devices we use daily. Now is the time to take a step forward and protect ourselves before we get caught… agan.