The U.S. Government: Paying to Undermine Internet Security, Not to Fix It
from ProPublica:
One lesson of the Heartbleed bug is that the U.S. needs to stop running Internet security like a Wikipedia volunteer project.
by Julia Angwin
ProPublica, April 15, 2014, 12:50 p.m.
The Heartbleed computer security bug is many things: a catastrophic tech failure, an open invitation to criminal hackers and yet another reason to upgrade our passwords on dozens of websites. But more than anything else, Heartbleed reveals our neglect of Internet security.
The United States spends more than $50 billion a year on spying and intelligence, while the folks who build important defense software (in this case a program called OpenSSL that ensures that your connection to a website is encrypted) are four core programmers, only one of whom calls it a full-time job.
In a typical year, the foundation that supports OpenSSL receives just $2,000 in donations. The programmers have to rely on consulting gigs to pay for their work. "There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work," says Steve Marquess, who raises money for the project.
Is it any wonder that this Heartbleed bug slipped through the cracks? ...................(more)
The complete piece is at:
http://www.propublica.org/article/the-u.s.-government-paying-to-undermine-internet-security-not-to-fix-it