Core Infrastructure Initiative
The Core Infrastructure Initiative (CII) was a project of the Linux Foundation to fund and support free and open-source software projects that are critical to the functioning of the Internet and other major information systems. The project was announced on 24 April 2014 in the wake of Heartbleed, a critical security bug in OpenSSL, which is used on millions of websites.
OpenSSL was among the first software projects to be funded by the initiative after it was deemed underfunded, receiving only about $2,000 per year in donations. The initiative was to sponsor two full-time OpenSSL core developers. In September 2014, the Initiative offered assistance to Chet Ramey, the maintainer of bash, after the Shellshock vulnerability was discovered.
The CII has since been superseded by the Open Source Security Foundation.
OpenSSL is an open-source implementation of Transport Layer Security (TLS), allowing anyone to inspect its source code. It is, for example, used by smartphones running the Android operating system and some Wi-Fi routers, and by organizations including Amazon.com, Facebook, Netflix, Yahoo!, the United States of America's Federal Bureau of Investigation and the Canada Revenue Agency.
On 7 April 2014, OpenSSL's Heartbleed bug was publicly disclosed and fixed. The vulnerability, which had been shipped in OpenSSL's current version for more than two years, made it possible for hackers to retrieve information such as usernames, passwords and credit card numbers from supposedly secure transactions. At that time, roughly 17% (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack.
According to Linus's law, from Raymond's book The Cathedral and the Bazaar, "Given enough eyeballs, all bugs are shallow." In other words, if there are enough people working on the software, a problem will be found quickly and its fix will be obvious to someone. Raymond stated in an interview that "there weren't any eyeballs" for the Heartbleed bug.
Prior to the CII funding, only one person, Stephen Henson, worked full-time on OpenSSL; Henson approved well over half of the updates to more than 450,000 lines of OpenSSL's source code. Besides Henson, there were three core volunteer programmers. The OpenSSL Project existed on a budget of $2,000 per year in donations, which was enough to cover the electrical bill, and Steve Henson was earning around $20,000 per year. To gather more revenue for the project, Steve Marquess, a consultant for the Defense Department, created the OpenSSL Software Foundation. This allowed programmers to make some money by consulting for organizations that used the code. However, the foundation brought in less than $1 million per year, and the contract work tended to focus on adding new features rather than maintaining the old ones.
Other open-source software projects have similar difficulties. For example, the maintainers of OpenBSD, a security-conscious operating system, nearly had to shut the project down in early 2014 because it could not pay the electricity bills.