- Mozilla announced a new fund last week dedicated to paying security firms to audit open-source project code.
- The fund, called Secure Open Source (SOS), includes $500,000 to pay for audits of common open source code, libraries and programs.
- Bugs like Heartbleed and Shellshock, recently found in key components of open source software, have underscored the importance of ensuring open source code is trustworthy.
More and more, developers are using open source tools when building applications and online services because it allows users to openly share and collaborate on code. Because it encourages crowdsourcing and collaboration, open source has opened the doors for amateurs and professionals alike to make better software faster than ever before.
Because of that, as well as the fact that it offers advantages in terms of cost, control and innovation, experts predict open source tools will soon be a much higher percentage of every IT organization’s environment. Moving forward, experts predict enterprise IT departments will increasingly rely on open source products over proprietary products. It’s therefore more important than ever to ensure open source code is safe.
"From Google and Microsoft to the United Nations, open source code is now tightly woven into the fabric of the software that powers the world," Chris Riley, Mozilla’s head of public policy, wrote in a blog post. "Indeed, much of the Internet—including the network infrastructure that supports it—runs using open source technologies."
Mozilla said it found and fixed 43 bugs in a recent test of SOS on three pieces of open-source software. The new Mozilla fund is similar to a bug bounty program, which companies are using more often as a way to assess security risks.
The Linux Foundation has a similar initiative to find and fix open-source project bugs.