Read our Census II Preliminary Report Developed With Harvard on Open Source Software Security Download Report »
Core Infrastructure Initiative.
Fortifying our future.
Millions of Dollars of Shared Vigilance
The stakes have never been higher for open-source software security. With millions of people around the world relying on open source software — and vulnerabilities like Heartbleed putting everyone at risk — it’s time to change the way we support, protect, and fortify open software. With our Core Infrastructure Initiative, we’re taking a collaborative, pre-emptive approach for strengthening cyber security. Many industry giants signed on to harden the security of key open source projects.
What Type of Help Does the Core Infrastructure Initiative Provide
Computing & Test Infrastructure
Additional Security Support
Meet Our Security Experts
Today, a world-class team of security experts helps the Core Infrastructure Initiative identify and fund open source projects that we all rely upon, whether it’s conducting an audit to pinpoint potential weaknesses or collaborating on code to harden security practices.
IBM ResilientBruce Schneier is an internationally renowned security technologist and author, described by The Economist as a "security guru." He has written over a dozen books, four hundred essays and op-eds, 100 academic papers, and a widely read blog and monthly newsletter.
The Linux FoundationKroah-Hartman is among a distinguished group of software developers that maintain Linux at the kernel level. In his role as Linux Foundation Fellow, KroahHartman will continue his work as the maintainer for the Linux stable kernel branch and a variety of subsystems while working in a fully neutral environment. He will also work more closely with Linux Foundation members, workgroups, Labs projects, and staff on key initiatives to advance Linux. Kroah-Hartman created and maintains the Linux Driver Project. He is also currently the maintainer for the Linux stable kernel branch and a variety of different subsystems that include USB, staging, driver core, tty, and sysfs, among others. Most recently, he was a Fellow at SUSE. Kroah-Hartman is an adviser to Oregon State University’s Open Source Lab, a member of The Linux Foundation's Technical Advisory Board, has delivered a variety of keynote addresses at developer and industry events, and has authored two books covering Linux device drivers and Linux kernel development
Johns Hopkins UniversityMatt Green is an Assistant Research Professor at Johns Hopkins University. His research interests are applied cryptography, privacy-preserving cryptographic protocols, and cryptographic engineering. Green was formerly a partner in Independent Security Evaluators, a custom security evaluation and design consultancy. From 1999-2003, he served as a senior technical staff member at AT&T Laboratories/Research in Florham Park, NJ.
MicrosoftMichael is a leading security expert. He is Senior Principal Cybersecurity Architect at Microsoft and is the author or co-author of a number of books including Writing Secure Code, The 19 Deadly Sins of Software Security, The Security Development Lifecycle, and others. At Microsoft he focuses on secure design, programming, and testing techniques.
Carnegie Mellon UniversityRobert is the secure coding technical manager in the CERT Division of Carnegie Mellon University’s Software Engineering Institute (SEI). The CERT Program is a trusted provider of operationally relevant cybersecurity research and innovative and timely responses to our nation’s cybersecurity challenges. The Secure Coding Initiative works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed. Robert is also an adjunct professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University.
NCC GroupTom Ritter is a Practice Director at NCC Group's Cryptography Services, performing cryptographic analysis of protocols and implementations across multiple platforms and environments. He has spent several years leading application security assessments and research on everything from browsers to embedded cell towers, and before that worked as a developer in the Financial Services sector. Some of his public work can be seen at security conferences in Europe, North and South America and in managing NCC Group's work with the Open Technology Fund and the Open Crypto Audit Project, comprising public reports on TrueCrypt, TorBrowser and several other applications. He is involved in IETF Working Groups for secure protocols, is a volunteer for the Tor Project, and works towards security, anonymity, and privacy on the Internet.
The Core Infrastructure Initiative Steering Committee consists of one representative from each of the member companies who support CII. These members work closely with the Advisory Board to help identify projects and developers in need of support; approve specific funding commitments; oversee project roadmaps and select new members for the Advisory Board.