Statements of Support from the Security Community

“So much of the code we rely on uses open source software. It’s embedded in commercial products and provides for key internet operations. This software is often neglected when it comes to patching and updating. All software has exploitable flaws – it’s the nature of coding. Left unattended, these bugs create opportunities for crime and disruption. Mozilla’s SOS fund fills a critical gap in cybersecurity by creating incentives to find the bugs in open source and letting people fix them.” — James A. Lewis, Senior Vice President and Director, Strategic Technologies Program, Center for Strategic and International Studies

“Mozilla has an impressive track record when it comes to taking a leadership role to drive adoption of security best practices that support a safer, more open internet. This latest move, the creation of the Secure Open Source Fund, is another example of that, and we think it’s inspiring to see companies like Mozilla proactively supporting the community. Given the significant reliance on open source tools in our increasingly connected and technically-dependent lives, we’re very glad to see this focus on funding and supporting the security of OSS, which can often be adversely impacted by financial and human resource constraints.” — Jen Ellis, Vice President, Community and Public Affairs, Rapid7

“Open source software is increasingly becoming critical infrastructure, and we need to invest in keeping it secure. Efforts like the SOS Fund are an important piece of making this happen.” — Matthew Green, Assistant Professor of Computer Science, Johns Hopkins Information Security Institute