Skip to main content

Mozilla launches new fund to help keep open-source software secure

mozilla apple google microsoft lawsuit headquarters
The Mozilla Foundation has launched the Secure Open Source (SOS) Fund to help fund audits of open-source software.

SOS, which is part of the Mozilla Open Source Support (MOSS) program, is making $500,000 available to open-source software makers to ensure that their work is clear of any bugs, and to avoid a repeat of Heartbleed or Shellshock.

Related Videos

“The SOS Fund will provide security auditing, remediation, and verification for key open-source software projects,” said Chris Riley, head of public policy at Mozilla. The fund is starting at half a million dollars but the Mozilla Foundation is encouraging companies and government to put money forward to fund software security research.

The SOS Fund will work in three stages. Mozilla with enlist and pay for the services of security firms to carry out audits on other people’s code. After the audit is completed Mozilla will work with the code creator to implement the fixes. And Mozilla will pay for this remediation to be verified to ensure that all bugs have been fixed thoroughly.

This process has already been carried out on three different open-source software projects to identify vulnerabilities. “In those audits we uncovered and addressed a total of 43 bugs, including one critical vulnerability and two issues with a widely used image file format,” said Riley. “These initial results confirm our investment hypothesis, and we’re excited to learn more as we open for applications.” Applications for funding are open now.

Open-source software relies on collaboration and user involvement to identify and act on bugs. This has become more and more important as open source has become the norm compared to several years ago. However a robust security audit still costs money, and for many smaller software developers this can be prohibitively expensive. For these developers, Mozilla’s new fund will be welcome news but the fund will need more backers in the future to keep it alive and available to a wide audience of software creators.

Editors' Recommendations

GPT-4: how to use, new features, availability, and more
A laptop opened to the ChatGPT website.

ChatGPT-4 has officially been announced, confirming the longtime rumors around its improvements to the already incredibly impressive language skills of OpenAI's ChatGPT.

OpenAI calls it the company's "most advanced system, producing safer and more useful responses." Here's everything we know about it so far.
Availability

Read more
GPT-4 has come to LinkedIn, because of course it has
LinkedIn's GPT-4 headline generator feature.

With the official introduction of Open AI's GPT-4, Microsoft is expanding its range of product support to include AI upgrades embedded into LinkedIn.

The business-focused social media platform announced Thursday that it will begin testing a host of AI-driven features based on both the GPT-3.5 and GPT-4 language models with its Premium subscribers. These functions will allow people to do things such as create more personalized profiles and job descriptions using AI-generated prompts. In particular, the GPT-4 language model will be the power behind AI profile writing, according to LinkedIn.

Read more
How Microsoft 365 Copilot unleashes ChatGPT from its restraints
Copilot in Microsoft Word generating results.

Thanks to ChatGPT, natural language AI has taken the world by storm. But so far, it's felt boxed in. With these chatbots, everything happens in one window, with one search bar to type into.

We've always known these large language models could do far more, though, and it was only a matter of time until that potential was unlocked. Microsoft has just announced Copilot, its own integration of ChatGPT into all its Microsoft 365 apps, including Word, PowerPoint, Outlook, Teams, and more. And finally, we're seeing the way generative AI is going to be used more commonly in the future -- and it's not necessarily as a straightforward chatbot.
Bringing natural language into apps

Read more