Running the internet, under-funded and under-staffed

Jutta Horstmann

Open Source technologies build the foundation of the free and open internet, but many are developed by only a very small community. They remain under-funded and under-staffed.
Who cares? We all need to, otherwise these projects may die out, leaving critical components unmaintained.
Lightning Box 2

This year we see the 10th anniversary of the disclosure of Heartbleed, an OpenSSL bug allowing for massive exploit of that key encryption library. At the time of disclosure, 17% of the Internet's secure web servers were believed to be vulnerable to the attack. It allowed theft of the servers' private keys and users' session cookies and passwords, making this the “worst vulnerability found since commercial traffic began to flow on the Internet” (Wikipedia).

When Heartbleed was discovered, OpenSSL was maintained by a handful of volunteers, only one of whom worked full-time. Yearly donations to the OpenSSL project were about $2,000$.

In my talk, I will showcase the state of a couple of key and well-known Open Source technologies, exploring their staffing and funding situation. 

We will revisit the improvements that happened since Heartbleed put a spotlight on the situation, but I will also share examples of a continuation of the problem, like the Log4j exploit in 2021.

The session is meant as a call to action both for us as individuals as well as a society, to care for Open Source software and those who write it - as one.of the key common goods our society ‘s infrastructure is built on.