Mozilla Splashes £350,000 On SOS Open Source Security Fund

Firefox maker Mozilla has launched a fund to try to make sure open source software projects stay secure.

The SOS (Secure Open Source) Fund is one part of Mozilla’s wider open source support program, called MOSS, and launches with $500,000 (£350,000) of initial funding.

This cash, according to Mozilla, will go towards “security auditing, remediation, and verification for key open source software projects”.

Unsolved

Mozilla’s Chris Riley penned a blog post this week to announce the fund, in which he explained that adequate support for securing open source software is still an unsolved problem, and that the SOS Fund can be the beginning of a change.

“We want to see the numerous companies and governments that use open source join us and provide additional financial support,” said Riley.

“We challenge these beneficiaries of open source to pay it forward and help secure the Internet.”

The fund will essentially pay for three different steps in the attempt to secure open source software.

Firstly, Mozilla will contract with and pay professional security firms to audit other projects’ code. Mozilla will also work with project maintainers to support and implement fixes and manage disclosure.

Lastly, Mozilla said it will help pay for the remediation work to be verified and ensure any bugs have been fixed.

According to Riley, Mozilla has already tested this process with the audits of three pieces of software.

“In those audits we uncovered and addressed a total of 43 bugs, including one critical vulnerability and two issues with a widely-used image file format. These initial results confirm our investment hypothesis, and we’re excited to learn more as we open for applications,” he said.

Major security bugs in open source software have been a pain point for the online community for some time now. Flaws such as Heartbleed and Shellshock have not only put users at risk but also confirmed naysayers’ opinions that open source software cannot be successful or safe.

Last October, executive director of the Linux Foundation Jim Zemlin said that there needs to be more security education in the open source software community.

Speaking at a keynote during London’s IP Expo, Zemlin said: “Heartbleed literally broke the security of the Internet. Over a long period of time, whether we knew it or not, we became dependent on open source for the security and integrity of the internet.”

Linux’s answer to this was the Core Infrastructure Initiative (CII), a Linux Foundation-led initiative to improve open source security.

The CII offers testing tools and has also launched accreditation programmes for projects that adhere to certain criteria.

“We want to find the projects on the Internet that are broken and fix them. We have raised a multi-million fund to provide grants to projects to help them out,” he said.

Ben Sullivan
