Heartbleed 2 only affects Android users - but it's a wake-up call
I don't know if OOTJ readers saw the news about the new problems spotted in OpenSSL code. Dubbed at first, Heartbleed 2, it has later been called the Handshake Bug, because it affects how your computer performs the "handshake" protocol when it contacts a server. See News at CNN here. The author at CNN refers to an earlier article which brought up the issue that this critical piece of software, used by businesses worldwide, is maintained by a small band of volunteers, only one of whom can devote full time attention to the task. This is a different take on the matter, which I saw turned in a different light. But according to the more recent article, businesses are suddenly seeing the importance of this software which they have used for free for years, and are donating mazoodles of cash to help fund some better maintenance of the program.
Can you say Tragedy of the Commons? Only sort of. Like most things tech, there is not a limited amount of pie. Everybody using the program is not degrading the program, or using it up like a finite resource -- the grass on the commons eaten by everybody's sheep. However, you had a problem of everybody being free riders and the volunteers who were [happily, one supposes] maintaining the program, only had so much free time to give to the effort. Interesting problem of the modern world.
So, in the emergency moment, at least, large corporations are making donations to the OpenSSL Software Foundation, in response to an open letter from Foundation president Steve Marquess. This organization underwrites the voluntary, collaborative efforts to maintain and improve OpenSSL. Marquess is looking for both donations of money and of staff time.
No comments:
Post a Comment