Major Tech Firms Pledge $3.6 Million Open-Source Fund to Avoid Next Heartbleed Bug

The “Heartbleed” bug highlighted one of the Web’s great contradictions: Many enormously profitable companies rely on a tiny group of underpaid programmers to secure their websites -- and those programmers need some help. On Thursday, several big technology companies -- including Google, Facebook and Microsoft -- pledged financial support to the people who maintain OpenSSL, a popular open-source software used to secure about two-thirds of all websites, as well as home routers, millions of smartphones running older Android operating systems, and other Internet-connected devices. Now, a dozen technology firms have pledged $3.6 million -- or $300,000 each over the next three years -- to underfunded open-source projects. OpenSSL would be the first to receive funding. Steve Marquess, president of OpenSSL Software Foundation, which raises money for the programmers, declined to comment Wednesday, saying he was still reviewing how much money would be earmarked for the project. “It looks promising but we’re still evaluating the details,” Marquess said.