Mozilla Splashes £350,000 On SOS Open Source Security Fund

Firefox maker Mozilla has launched a fund to try to make sure open source software projects stay secure.

The SOS (Secure Open Source) Fund is one part of Mozilla’s wider open source support program called MOSS, and is launched with $500,000 (£350,000) of initial funding.

This cash, according to Mozilla, will go towards “security auditing, remediation, and verification for key open source software projects”.

Unsolved

Mozilla’s Chris Riley penned a blog post this week to announce the fund, in which he explained that adequate support for securing open source software is still an unsolved problem, and that the SOS Fund can be the beginning of a change.

“We want to see the numerous companies and governments that use open source join us and provide additional financial support,” said Riley.

“We challenge these beneficiaries of open source to pay it forward and help secure the Internet.”

The fund will essentially power three different steps in the attempt to secure open source software.

Firstly, Mozilla will contract with and pay professional security firms to audit other projects’ code. Secondly, Mozilla will work with project maintainers to support and implement fixes and manage disclosure.

Lastly, Mozilla said it will help pay for the remediation work to be verified, to ensure any bugs have been fixed.

According to Riley, Mozilla has already tested this process with the audits of three pieces of software.

“In those audits we uncovered and addressed a total of 43 bugs, including one critical vulnerability and two issues with a widely-used image file format. These initial results confirm our investment hypothesis, and we’re excited to learn more as we open for applications,” he said.

Major security bugs in open source software have been a pain point for the online community for some time now. Flaws such as Heartbleed and Shellshock have not only put users at risk but also confirm naysayer opinions that open source software cannot be successful or safe.

Last October, executive director of the Linux Foundation Jim Zemlin said that there needs to be more security education in the open source software community.

Speaking at a keynote during London’s IP Expo, Zemlin said: “Heartbleed literally broke the security of the Internet. Over a long period of time, whether we knew it or not, we became dependent on open source for the security and integrity of the Internet.”

Linux’s answer to this was the Core Infrastructure Initiative (CII), a Linux Foundation-led initiative to improve open source security.

The CII offers testing tools and has also launched accreditation programmes for projects that adhere to certain criteria.

“We want to find the projects on the Internet that are broken and fix them. We have raised a multi-million fund to provide grants to projects to help them out,” he said.

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.
