Mozilla Foundation starts new SOS Fund for FOSS projects

Jun 9, 2016 22:45 GMT

The Mozilla Foundation announced today that it has set up a $500,000 fund through which it will pay security firms to carry out security audits of major open source projects.

Called SOS Fund, or Secure Open Source Fund, this initiative is part of the larger Mozilla Open Source Support (MOSS) program, by which Mozilla previously began dishing out large sums of cash at regular intervals to open source projects on which the Foundation's engineers rely to build Firefox and other products.

During the past months, Mozilla says it tested its SOS Fund project on three open source projects. The Foundation says that its team helped these projects patch up 43 bugs, including a critical vulnerability and two issues in a widely-used image format.

With these positive results behind it, Mozilla is now comfortable opening the SOS Fund to a bigger audience.

Open source projects will need to fill out a form on Mozilla's MOSS project page in order to be considered. The Foundation will assess all these submissions and provide funding to those it considers in dire need.

Mozilla will foot the bill at the end of the day

For all approved projects, Mozilla will contract and pay professional security firms to audit the project's source code for any security issues.

Mozilla will act as a liaison between the security experts and the project's maintainers in order to ensure a secure bug disclosure process.

The Foundation also said it will pay for a second security audit that comes after the bugfix process, in order to verify that the proper patch was applied.

Besides looking for applications, Mozilla also said it's looking for financial partners to help it grow the SOS Fund.

"We hope this is only the beginning," said Chris Riley, Head of Public Policy at Mozilla. "We want to see the numerous companies and governments that use open source join us and provide additional financial support. We challenge these beneficiaries of open source to pay it forward and help secure the Internet."