Saturday, May 03, 2014

Funding OpenSSL & other open source

Tech giants, chastened by Heartbleed, finally agree to fund OpenSSL | Ars Technica:
OpenSSL typically receives about $2,000 in donations a year and has just one employee who works full time on the open source code.

Heartbleed, a security flaw in OpenSSL that can expose user passwords and the private encryption keys needed to protect websites....

triggered" a three-year initiative with at least $3.9 million to help under-funded open source projects—with OpenSSL coming first. Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware have all pledged to commit at least $100,000 a year for at least three years to the “Core Infrastructure Initiative,” Linux Foundation"

Bottom line: open source, while free, needs to be reviewed before using.
For example, if Android team did that with OpenSSL,
it would not have millions of phone users exposed.

But there is even more profound solution needed:
optimizing programming languages for open source.
While performance is important, code comprehension,
by both humans and programs, is even more important.

Abstract program representation (AST, syntax tree)
is a step in compiling source to machine code,
and more optimal languages for open source
should be closer to abstract (mathematical) representation.

So one thing that needs funding / support is such research.
Adjusting popular programming languages to "map" to common AST
that could be analyzed by algorithms, and "translated" to other languages.

Visualizing Roslyn Syntax Trees - C# Frequently Asked Questions - Site Home - MSDN Blogs

No comments: