An SOS fund for Open Source

Recalling the past discoveries of the critical Heartbleed and Shellshock security vulnerabilities, Mozilla announces the creation of a fund called Secure Open Source. In particular, it will be used to pay for security audits of some of the most popular open source software programs and libraries.

At the same time, Mozilla will collaborate with open source project maintainers to provide support and implement fixes, and will fund the work necessary to ensure that identified security bugs have been properly fixed.

Focused on security, the SOS fund is part of the Mozilla Open Source Support program launched last year and has been allocated an initial budget of $500,000. Mozilla hopes that companies and governments that use open source software will join its initiative.

"Open source software is used by millions of businesses and thousands of government agencies and in education for critical services and applications. From Google to Microsoft to the United Nations, open source code is now intimately linked to software development that makes the world go round," writes Mozilla.

Under the aegis of the Linux Foundation, the Core Infrastructure Initiative – itself a response to Heartbleed – brings together companies like Google and Microsoft, but also Facebook, Amazon Web Services, Cisco and IBM, around support for open source projects considered critical to the global information infrastructure. Among these are OpenSSL, OpenSSH and NTPd.

Mozilla believes that Secure Open Source is complementary to the Core Infrastructure Initiative. The ideas behind SOS have already been tested with three open source programs: PCRE (Perl-Compatible Regular Expressions), libjpeg-turbo and phpMyAdmin. Following the audits, 43 security bugs were discovered, including a critical vulnerability affecting PCRE.