Categories: Security

Mozilla Splashes £350,000 On SOS Open Source Security Fund

Firefox maker Mozilla has launched a fund intended to help keep open source software projects secure.

The SOS (Secure Open Source) Fund is one part of Mozilla’s wider open source support programme, MOSS, and launches with $500,000 (£350,000) of initial funding.

This cash, according to Mozilla, will go towards “security auditing, remediation, and verification for key open source software projects”.


Mozilla’s Chris Riley penned a blog post this week to announce the fund, in which he explained that adequate support for securing open source software remains an unsolved problem, and that the SOS Fund can be the beginning of a change.

“We want to see the numerous companies and governments that use open source join us and provide additional financial support,” said Riley.

“We challenge these beneficiaries of open source to pay it forward and help secure the Internet.”

The fund pays for three distinct steps in the effort to secure open source software.

First, Mozilla will contract with and pay professional security firms to audit other projects’ code.

Second, Mozilla will work with project maintainers to support and implement fixes for what the audits find, and to manage disclosure of the issues.

Third, Mozilla will help pay for the remediation work to be independently verified, to ensure that the reported bugs have actually been fixed.

According to Riley, Mozilla has already tested this process with the audits of three pieces of software.


“In those audits we uncovered and addressed a total of 43 bugs, including one critical vulnerability and two issues with a widely-used image file format. These initial results confirm our investment hypothesis, and we’re excited to learn more as we open for applications,” he said.

Major security bugs in open source software have been a pain point for the online community for some time now. Flaws such as Heartbleed and Shellshock have not only put users at risk but have also lent weight to naysayers who argue that open source software cannot be both successful and safe.

Last October, Linux Foundation executive director Jim Zemlin said that there needs to be more security education in the open source software community.

Speaking in a keynote at London’s IP Expo, Zemlin said: “Heartbleed literally broke the security of the Internet. Over a long period of time, whether we knew it or not, we became dependent on open source for the security and integrity of the internet.”

The Linux Foundation’s answer to this was the Core Infrastructure Initiative (CII), a Linux Foundation-led effort to improve open source security.

The CII offers testing tools and has also launched accreditation programmes for projects that adhere to certain criteria.

“We want to find the projects on the Internet that are broken and fix them. We have raised a multi-million fund to provide grants to projects to help them out,” Zemlin said.

Ben Sullivan
