Apr 19, 2014 11:36 AM EDT
Heartbleed Update: One Full-Time Worker Maintains Our Online Security

The devastating Heartbleed Internet bug may be a blessing in disguise. The fatal glitch in online security, affecting everything from banks to email to government, has drawn attention to the fact that the work hours put into OpenSSL, the open source software involved, amount to those of just two full-time employees, CNNMoney reported.

A handful of volunteers working on a bare-bones budget run the OpenSSL Software Foundation, which oversees the nearly half a million lines of code that make up much of online communication.

"The mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn't happened more often," foundation president Steve Marquess said in an open letter.

According to Marquess, OpenSSL has never taken in more than $1 million in a year despite the vast amount of online resources it is responsible for.

U.K.-based mathematician Stephen Henson is the only actual full-time employee working for OpenSSL; the foundation runs on the strength of a few developers whose combined effort amounts to perhaps that of two full-time employees, Marquess told CNNMoney.

Just $9,000 has recently been donated to OpenSSL even in light of the Heartbleed bug. Marquess pointed at the billion-dollar companies that use the software, which include such entities as Facebook, Google and Yahoo.

"I'm looking at you, Fortune 1000 companies," he wrote in the letter.

Open source software is used by both startups and big corporations for no cost, but it may be time for them to chip in.

"What do you expect? You got this for free. You get what you pay for," said Marc Gaffan, cofounder of cloud-security provider Incapsula, as quoted by CNNMoney.

Gaffan, whose company has been depending on OpenSSL, has said he will "lead by example" by donating to the foundation.

The Obama administration may get in on the act as well and has been "taking a hard look" at OpenSSL's tools and development.

But in a world after NSA contractor Edward Snowden's big reveal, people will likely be extremely leery of government involvement.

"The public does not want the government involved in the design of the commercial Internet," former NSA crypto engineer Randy Sabett, who now works as a tech privacy attorney, told CNNMoney. "They don't want back doors put in."
