Linux Foundation Restructuring CII Security Effort for Scale
The CTO of the Linux Foundation discusses how the governance structure for the Core Infrastructure Initiative is changing to promote better security. [VIDEO]
Since creating the Core Infrastructure Initiative (CII) in 2014 in response to the Heartbleed vulnerability in the OpenSSL cryptographic library, the Linux Foundation has raised $5.8 million in funding to support the effort. It easily could raise much more, given its popularity.
Nicko van Someren, CTO of the Linux Foundation, is leading an effort to restructure the governance model for the CII, to help accelerate security for the internet. In a video interview, he details his suggested changes, which are being reviewed by the CII's existing membership.
"We're changing the governance to be tighter and more focused," he said.
The goal in restructuring the CII's governance model is about enabling the organization to more quickly deliver on its mission of helping to secure the internet. In the final analysis, van Someren wants developers and organizations to stop and think about security, rather than just rushing headlong to add new features.
"It's not that developers, whether open source or closed source, don't care care about security; it's that they have other things on their mind," van Someren said. "We need to stop and take a breath and say that we will think about security early in the design process, and we're going to keep thinking about security proactively rather than reactively."
The Linux Foundation has a backlog of organizations that want to join the CII effort, he said, but he's been holding off on adding new members until the governance changes are approved, likely at the end of the summer.
Watch the video interview with Nicko van Someren below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.