News

Mozilla establishes fund for open source code security audits

By admin
Spread the love

Mozilla has established the Secure Open Source Fund. The aim of the fund is to pay for security audits for important open source projects. Mozilla hopes this will prevent new security incidents such as Heartbleed and Shellshock.

The SOS Fund is part of the Mozilla Open Source Support program and initially has half a million dollars. Mozilla hopes more organizations and governments will join the initiative to increase funding for audits.

With that money, Mozilla wants to let professional security companies scour code for problems. The organization then plans to work with the code project managers to address the issues and contribute to the disclosure of leaks. In addition, Mozilla is willing to pay for verification that the bug fixes actually work.

Mozilla commissioned three audits for the project, for Perl-Compatible Regular Expressions, libjpeg-turbo, and phpMyAdmin. 43 bugs have come to light, including a critical vulnerability. Open source software has permeated all layers of businesses, organizations and infrastructure, but despite that dependence, its security remains a largely unsolved problem.

However, the SOS Fund is not the first project to try to tackle this. The Linux Foundation started the Core Infrastructure Initiative in 2014 in collaboration with Cisco, Facebook and Google, among others, to screen open source projects for security vulnerabilities.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support