The Mozilla Foundation has launched the Secure Open Source (SOS) Fund, a new fund the organization says will provide security auditing, remediation, and verification for key open source software projects. The Fund is part of the Mozilla Open Source Support program (MOSS), and has been allocated $500,000 in initial funding.
Mozilla will tackle the need for more security in the open source ecosystem through three steps, says Chris Riley, head of Public Policy with the organization. Mozilla will contract with and pay professional security firms to audit other projects’ code; work with project maintainers to support and implement fixes, and to manage disclosure; and pay for the remediation work to be verified, to ensure any identified bugs have been fixed.
Mozilla says it has already tested this process with audits of three pieces of open source software, uncovering and addressing a total of 43 bugs, including one critical vulnerability and two issues with a widely-used image file format.
You can find the link to the SOS Fund application here.