Mozilla launches new fund to help keep open-source software secure

The Mozilla Foundation has launched the Secure Open Source (SOS) Fund to help fund audits of open-source software.

SOS, which is part of the Mozilla Open Source Support (MOSS) program, is making $500,000 available to open-source software makers to ensure that their work is clear of any bugs, and to avoid a repeat of Heartbleed or Shellshock.

“The SOS Fund will provide security auditing, remediation, and verification for key open-source software projects,” said Chris Riley, head of public policy at Mozilla. The fund is starting at half a million dollars but the Mozilla Foundation is encouraging companies and government to put money forward to fund software security research.

The SOS Fund will work in three stages. First, Mozilla will enlist and pay for the services of security firms to carry out audits on other people’s code. After the audit is completed, Mozilla will work with the code creator to implement the fixes. Finally, Mozilla will pay for this remediation to be verified to ensure that all bugs have been fixed thoroughly.

This process has already been carried out on three different open-source software projects to identify vulnerabilities. “In those audits we uncovered and addressed a total of 43 bugs, including one critical vulnerability and two issues with a widely used image file format,” said Riley. “These initial results confirm our investment hypothesis, and we’re excited to learn more as we open for applications.” Applications for funding are open now.

Open-source software relies on collaboration and user involvement to identify and act on bugs. This has become more and more important as open source has become the norm compared to several years ago. However, a robust security audit still costs money, and for many smaller software developers this can be prohibitively expensive. For these developers, Mozilla’s new fund will be welcome news, but the fund will need more backers in the future to keep it alive and available to a wide audience of software creators.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…