Mozilla Splashes £350,000 On SOS Open Source Security Fund

Firefox maker Mozilla has launched a fund to try to make sure open source software projects stay secure.

The SOS (Secure Open Source) Fund is one part of Mozilla’s wider open source support program called MOSS, and is launched with $500,000 (£350,000) of initial funding.

This cash, according to Mozilla, will go towards “security auditing, remediation, and verification for key open source software projects”.

Unsolved

Mozilla’s Chris Riley penned a blog post this week to announce the fund, in which he explained that adequate support for securing open source software is still an unsolved problem, and that the SOS Fund can be the beginning of a change.

“We want to see the numerous companies and governments that use open source join us and provide additional financial support,” said Riley.

“We challenge these beneficiaries of open source to pay it forward and help secure the Internet.”

The fund is essentially meant to power three different steps in the attempt to secure open source software.

Firstly, Mozilla will contract with and pay professional security firms to audit other projects’ code. Mozilla will also work with project maintainers to support and implement fixes and manage disclosure.

Lastly, Mozilla said it will help pay for the remediation work to be verified and ensure any bugs have been fixed.

According to Riley, Mozilla has already tested this process with the audits of three pieces of software.

“In those audits we uncovered and addressed a total of 43 bugs, including one critical vulnerability and two issues with a widely-used image file format. These initial results confirm our investment hypothesis, and we’re excited to learn more as we open for applications,” he said.

Major security bugs in open source software have been a pain point for the online community for some time now. Flaws such as Heartbleed and Shellshock have not only put users at risk but also confirm naysayers’ opinions that open source software cannot be successful or safe.

Last October, executive director of the Linux Foundation Jim Zemlin said that there needs to be more security education in the open source software community.

Speaking at a keynote during London’s IP Expo, Zemlin said: “Heartbleed literally broke the security of the Internet. Over a long period of time, whether we knew it or not, we became dependent on open source for the security and integrity of the internet.”

Linux’s answer to this was the Core Infrastructure Initiative (CII), a Linux Foundation-led initiative to improve open source security.

The CII offers testing tools and has also launched accreditation programmes for projects that adhere to certain criteria.

“We want to find the projects on the Internet that are broken and fix them. We have raised a multi-million fund to provide grants to projects to help them out,” he said.

Ben Sullivan
