Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Crowd funding for open source could prevent future flaws

by The Gurus
April 17, 2015
in Editor's News
revenue
Share on FacebookShare on Twitter

Open source projects would benefit from a funding system that would secure funds for future development.
 
Chris Wysopal, CTO of Veracode, said that the model which Wikipedia uses to ask for cash donations could work for open source projects to ensure that a developer could be paid to fix future escalating flaws.
 
He said: “I wonder if when you downloaded OpenSSL, it said ‘donate $1 to make sure that there is a security audit done’ how many would pay? I think that would fund an audit and fix of the software that you are reliant on. It is interesting that the Wiki foundation has been successful with the model of small donations but we’ve not seen it with open source, but I wonder if it is coming.”
 
Wysopal said that if you go back ten years, many articles were on whether open source was secure and whether it can be trusted, and over the years there have been vulnerabilities, but as there are vulnerabilities in all software, open source should not be singled out.
 
“So now we have come to a more mature place where we know there are vulnerabilities and we want to use it, so let’s try and secure it,” he said. “The industry is heading in the right direction, but it is slow to make these changes.”
 
The concept of crowd funding for open source was welcomed. Brian Honan, CEO of BH Consulting, said that financial support is welcome for any Open Source project as it can help fund resources such as hosting.
 
He said: “One of the biggest challenges open source security projects face is getting skilled people involved in the project. If we had more skilled individuals willing to give up their time to help work on the project we may get a better return on that. It would be great if vendors who integrate such tools would donate some of their staff resources to the projects or encourage their staff to contribute.  Money helps a lot but skilled resources would help more.”
 
In an email to IT Security Guru, Chris Boyd, malware intelligence analyst at Malwarebytes, said: “I don’t think there’s a problem donating to open source software, as that’s been happening for many years.
 
“The key difference here is that people would be asked to donate for something that’s essentially critical to the functionality of the software in question. Not everybody would pay, so there’s a danger that those contributing would ask ‘What’s in it for me?’ when their donation has a positive impact on all software users.
 
“The obvious answer is that ‘It works as intended’ but the success of Kickstarter in recent years could lead to the development of a tiered rewards programme for those who want an added incentive.​”

Tags: FundingHeartbleedOpen Source
ShareTweet
Previous Post

PCI SSC standard removes SSL with v3.1 release

Next Post

Will forensic technology on endpoints aid investigation and stop breaches and infections?

Recent News

Huntress Launches Managed ISPM as Identity Attacks Drive 79% of Severe Security Incidents

June 30, 2026
Organisations wasting 42% of security time on low-priority risks, Filigran research finds

Organisations wasting 42% of security time on low-priority risks, Filigran research finds

June 30, 2026
Proton launches Lumo 2.0, doubling down on zero-access encryption as AI security risk grows

Proton launches Lumo 2.0, doubling down on zero-access encryption as AI security risk grows

June 30, 2026
Keeper Security launches Microsoft Teams integration for privileged access management

Keeper Security launches Microsoft Teams integration for privileged access management

June 26, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol