Mozilla Funds Open Source Code Audits
Written by Alex Armstrong   
Friday, 17 June 2016

As part of the Mozilla Open Source Support program (MOSS), the Mozilla Foundation has set up a fund dedicated to helping open source software projects eradicate code vulnerabilities.

 

The newly launched Secure Open Source (SOS) Fund has been allocated $500,000 in initial funding to cover audits of some widely-used open source libraries and programs.

In his announcement, inviting open source projects to apply for this support, Chris Riley, Mozilla’s Head of Public Policy, explained the way in which the SOS fund was intended to provide security auditing, remediation, and verification for key open source software projects, in the wake of major security bugs, such as Heartbleed and Shellshock. 

Riley pointed out the importance of this initiative:

Open source software is used by millions of businesses and thousands of educational and government institutions for critical applications and services. From Google and Microsoft to the United Nations, open source code is now tightly woven into the fabric of the software that powers the world. Indeed, much of the Internet – including the network infrastructure that supports it – runs using open source technologies. As the Internet moves from connecting browsers to connecting devices (cars and medical equipment), software security becomes a life and death consideration.

Riley also outlined how SOS will operate: 

  • Mozilla will contract with and pay professional security firms to audit other projects’ code

  • Mozilla will work with the project maintainer(s) to support and implement fixes, and to manage disclosure

  • Mozilla will pay for the remediation work to be verified, to ensure any identified bugs have been fixed

To date three open source projects - PCRE2, a C library for implementing Perl-Compatible Regular Expressions; libjpeg-turbo, and phpMyAdmin - have undergone audits performed by Cure53 and NCC Group. As a result 43 vulnerabilities fixed (including one considered critical, were uncovered and addressed.

As well as encouraging open source projects to be audited, Riley also invited funders to come forward, stating: 

"We want to see the numerous companies and governments that use open source join us and provide additional financial support.”

 

mflogo
 

 

More Information

MOSS/Secure Open Source

Help Make Open Source Secure

 

Related Article

Mozilla Distributes Funds To Open Source 

Mozilla Open Source Support Program 

Heartbleed - The Programmer's View

ShellShock - Yet Another Code Injection Vulnerability

Vulnerability Revealed In GNU C Library 

Ever Increasing Need For Secure Programming 

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, FacebookGoogle+ or Linkedin.

 

Banner

Parasoft Adds AI Assistant To C/C++ Test
30/06/2025

Parasoft has updated its C/C++ Test software with an AI-powered documentation assistant, along with complete support for MISRA C:2025 and auto-suppression of equivalent violations. C/C++ Test can be u [ ... ]


+ Full Story
Linux Passes 5% Milestone
22/07/2025

Latest figures from StatCounter show that Linux achieved a 5.03% share of the Desktop Operating System market in June 2025, something that is being viewed as a pivotal moment for open-source soft [ ... ]


+ Full Story
More News

 

pico book

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Friday, 17 June 2016 )