Aardvark Daily

Please visit the sponsor!

Leaching off open source

I read something rather stunning this morning.

Apparently, the OpenSSL project which has been at the centre of the Heartbleed vulnerability has received just US$2,000 in donations over the past year or so.

What the?

This is one of the most critical and widely used pieces of software on the Net. It's a piece of software that is developed and maintained by a group who volunteer their time and efforts to doing so -- yet it is used by a huge percentage of corporations, governments and other commercial entities around the world and they've contributed just $2,000 to support it?

Does the word "leach" come to mind?

While those who contribute to such open-source projects clearly do so for reasons other than the chance to earn money, the fact is that those who use such systems for commercial gain have a moral and ethical obligation to give something back.

I find it sweet justice that so many "big name" players in the online world and so many government agencies have been caught with their trousers down in respect to the Heartbeat bug. Perhaps if they'd not simply leached off the efforts of those who put their time and sweat into maintaining this piece of code they wouldn't be engaged in the present scramble to fix this gaping hole.

Perhaps I'm just stupid - but I often donate towards the development of "free" software I might use. As long ago as the days of WinAmp, I've always felt it "the right thing" to fire a few dollars off to those who spend so much time creating such good code on a non-commercial basis.

What a shame that so many commercial entities don't feel the same obligation to pay even a tiny amount for the software that is such a crucial part of their online presence.

It seems that most of these companies figure that there's no legal obligation to pay so why should they?

Well perhaps now they have an answer to that question!

Would the Heartbeat bug have been uncovered by the more effective code reviews and testing that a little more money may have allowed the developers to perform on this software?

I don't know -- but it sure wouldn't have hurt any!

It seems that Steve Marquess, president of the OpenSSL Software Foundation agrees with me and he's been quoted as saying "While OpenSSL does 'belong to the people' it is neither realistic nor appropriate to expect that a few hundred, or even a few thousand, individuals provide all the financial support".

Perhaps it's time to take a quick inventory of all the "free" software you're using and consider tossing even a couple of bucks at the organisations or individuals whose efforts you are taking advantage of.

Please visit the sponsor!

(Sorry, forums are stuffed at present)

PERMALINK to this column

Rank This Aardvark Page

Change Font