The money is coming from the Core Infrastructure Initiative (CII), a group of tech companies that came together last month in response to Heartbleed. At the time, CII said that each company would contribute at least $100,000 per year to crucial open-source projects over at least a three-year span, but the group didn’t say how it would distribute the funds.

In a press release , the group announced that OpenSSL will get enough money to hire two full-time developers. The Open Crypto Audit Project will also receive funds for a security audit of OpenSSL.

Money is also going to OpenSSH, a set of programs that mainly allows for secure remote logins to Unix-based systems, and to Network Time Protocol, which synchronizes the timing of networked computers. The Linux Foundation will be in charge of distributing the funds.

Many websites and applications rely on OpenSSL to keep communications secure over the Internet. But since 2011, an undetected flaw in the code had theoretically allowed attackers to eavesdrop on these communications.

When researchers disclosed the bug in April, giving it the nickname Heartbleed, it triggered a mad scramble by Web developers to make their sites secure again. It also exposed how ill-equipped OpenSSL was to stamp out bugs. At the time, the group only had one full-time developer, with other developers only contributing contract-based work in their spare time.

Although CII didn’t specify how much money each open-source project would get, in total the group will contribute at least $5.4 million over three years, according to Ars Technica. That’s up from a previously reported figure of $3.6 million, as more tech companies have joined the group recently.

The current membership includes Adobe, Amazon Web Services, Bloomberg, Cisco, Dell, Facebook, Fujitsu, Google, HP, Huawei, IBM, Intel, Microsoft, NetApp, Rackspace, salesforce.com and Vmware.

source: pcworld