Aiming to improve the security of open source software, Mozilla has announced the launch of a new fund. The new offering, called the Secure Open Source (SOS) Fund, is part of the Mozilla Open Source Support programme and allocates $500,000 in initial funding.
Mozilla intends the SOS Fund to cover audits of some popular open source libraries and programs. Additionally, it expects companies and governments worldwide to participate and take open source security to new levels.
“From Google and Microsoft to the United Nations, open source code is now tightly woven into the fabric of the software that powers the world,” writes Chris Riley, head of public policy, Mozilla, in a blog post. “Indeed, much of the Internet – including the network infrastructure that supports it – runs using open source technologies. As the Internet moves from connecting browsers to connecting devices (cars and medical equipment), software security becomes a life and death consideration.”
Under the new fund, Mozilla will contract with professional security firms to audit project code. The browser maker will also work with project maintainers to support and implement fixes and to manage disclosure.
To encourage secure practices that protect open source software, the company is set to pay for the remediation work directly through the fund.
Process already tested
Riley says that Mozilla has already tested the newly designed process for securing open source. The company addressed a total of 43 bugs in three different pieces of open source software, suggesting that the approach works.
Mozilla’s decision to launch a special fund for securing open source is certainly vital for the software industry. Moreover, it could reduce the number of vulnerabilities of the kind that have emerged in the past.