{"id":62237,"date":"2016-06-09T00:00:00","date_gmt":"2016-06-09T00:00:00","guid":{"rendered":"http:\/\/blog.mozilla.org\/foxtail\/2016\/06\/09\/help-make-open-source-secure\/"},"modified":"2021-02-08T20:33:51","modified_gmt":"2021-02-08T20:33:51","slug":"help-make-open-source-secure","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/en\/mozilla\/help-make-open-source-secure\/","title":{"rendered":"Help Make Open Source Secure"},"content":{"rendered":"

Major security bugs in core pieces of open source software – such as Heartbleed and Shellshock – have elevated highly technical security vulnerabilities into national news headlines. Despite these sobering incidents, adequate support for securing open source software remains an unsolved problem, as a panel of 32 security professionals confirmed<\/a> in 2015. We want to change that, starting today with the creation of the Secure Open Source (\u201cSOS\u201d) Fund aimed at precisely this need.<\/p>\n

Open source software is used by millions of businesses and thousands of educational and government institutions for critical applications and services. From Google and Microsoft to the United Nations, open source code is now tightly woven into the fabric of the software that powers the world. Indeed, much of the Internet – including the network infrastructure that supports it – runs using open source technologies. As the Internet moves from connecting browsers to connecting devices (cars and medical equipment), software security becomes a life and death consideration.<\/p>\n

The SOS Fund will provide security auditing, remediation, and verification for key open source software projects. The Fund is part of the Mozilla Open Source Support program<\/a> (MOSS) and has been allocated $500,000 in initial funding, which will cover audits of some widely-used open source libraries and programs. But we hope this is only the beginning. We want to see the numerous companies and governments that use open source join us and provide additional financial support. We challenge these beneficiaries of open source to pay it forward and help secure the Internet.<\/p>\n

Security is a process. To have substantial and lasting benefit, we need to invest in education, best practices, and a host of other areas. Yet we hope that this fund will provide needed short-term benefits and industry momentum to help strengthen open source projects.<\/p>\n

Mozilla is committed to tackling the need for more security in the open source ecosystem through three steps:<\/p>\n