Core Infrastructure Initiative is investing $452,000 in grants to improve the security for open source code.
The Linux Foundation is funding three projects to improve the security for open source code.
The Core Infrastructure Initiative, part of the Linux Foundation, is investing $452,000 in grants to the Reproducible Builds Project ($200,000), the Fuzzing Project ($60,000) and False-Positive-Free ($192,000).
Emily Ratliff, senior director infrastructure security, CII, told eWEEK: "Every distribution signs their build, and every project has the capability to release signed builds.
"What is missing is for the capability of those builds to have the same hash when built at different times on different systems."
Reproducible Builds is aiming for application binaries to match exactly, this means that the end user will be able to compare what they get from distros with what the developer and package manager intended to create.
The Fuzzing Project, which is using a common code testing approach, will interact with open-source projects to submit bugs and make sure they are fixed. While False-Positive-Free, which has its root in a closed-source tool, is receiving the funding to evolve its project in open source.
CII, which was created in response to the Heartbleed OpenSSL vulnerability, is financially backed by Adobe, Bloomberg, HP, VMware, Rackspace, Microsoft, Intel, IBM, Google, Fujitsu, Facebook, NetApp, Dell, Amazon and Cisco.