Photo caption: The Heartbleed vulnerability in open source software allows attackers to steal information. (Photo: Heartbleed.com)
The devastating Heartbleed Internet bug may be a blessing in disguise. The fatal glitch in online security, affecting everything from banks to email to government, has drawn attention to the fact that the work hours put into OpenSSL, the open source software behind the bug, amount to those of just two full-time employees, CNNMoney reported.
A handful of volunteers working on a bare-bones budget run the OpenSSL Software Foundation, which oversees the nearly half a million lines of code that make up much of online communication.
"The mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn't happened more often," foundation president Steve Marquess said in an open letter.
According to Marquess, OpenSSL has never taken in more than $1 million in a year despite the vast amount of online resources it is responsible for.
U.K.-based mathematician Stephen Henson is the only actual full-time employee working for OpenSSL; the foundation runs on the strength of a few developers whose combined effort amounts to perhaps that of two full-time employees, Marquess told CNNMoney.
Just $9,000 has recently been donated to OpenSSL even in light of the Heartbleed bug. Marquess pointed at the billion-dollar companies that use the software, which include such entities as Facebook, Google and Yahoo.
"I'm looking at you, Fortune 1000 companies," he wrote in the letter.
Open source software is used by both startups and big corporations for no cost, but it may be time for them to chip in.
"What do you expect? You got this for free. You get what you pay for," said Marc Gaffan, cofounder of cloud-security provider Incapsula, as quoted by CNNMoney.
Gaffan, whose company has been depending on OpenSSL, has said he will "lead by example" to donate to the foundation.
The Obama administration may get in on the act as well and has been "taking a hard look" at OpenSSL's tools and development.
But in a world after NSA contractor Edward Snowden's big reveal, people will likely be extremely leery of government involvement.
"The public does not want the government involved in the design of the commercial Internet," former NSA crypto engineer Randy Sabett, who now works as a tech privacy attorney, told CNNMoney. "They don't want back doors put in."