Did you know that only a few people maintain the internet security we have?
Without the Heartbleed bug, we would never have found out that the software protecting banks, email, government and social media is maintained by only a few people. Most of them are volunteers, and only one person does it as a full-time job.
It sounds alarming given the countless sites that depend on this security. The Internet population is growing, yet only a few people monitor and supervise its online security. The people who passionately embraced this task created OpenSSL, a free program that secures much of our online communication.
OpenSSL is where a tiny coding slip-up two years ago created the Heartbleed bug. The bug is a hole that enables attackers to get into other computers. Last week, it finally caused an emergency that forced changes at several websites such as Facebook, Google and Yahoo.
Aside from the lack of manpower in security maintenance, security experts also revealed that OpenSSL is really “underfunded, understaffed and largely ignored.” So how can any of us expect better security for our sites?
The Software Foundation wasn’t able to catch the bug ahead of time because it doesn’t have enough resources to properly check all the changes to the software, which runs to almost half a million lines of code. And these programs guard a large portion of our commerce and government, including weapon systems, smartphones and other devices, the foundation claims.
Steve Marquess, the foundation president, said in an open letter that “The mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn’t happened more often.”
Looking at this incident more critically, Internet security is very important, but OpenSSL has only a small budget. Marquess said that it received only more than $1 million a year, which is not enough for the service it provides to different companies. Only a single $20,00 renewal contract from the Department of Defense is listed online as federal support.
Stephen Henson is actually the only person working full-time. He was a very private mathematician living in England, whom Marquess referred for comment. Despite the occurrence of Heartbleed, the foundation still received a lesser amount of $9,000. Marquess is now calling for assistance from the companies that use OpenSSL for free.
“I’m looking at you, Fortune 1000 companies,” he wrote.
This lack of funding may serve as a wake-up call for those companies to contribute to the OpenSSL foundation. After all the security it provides, it might be time to give back a little.