Mozilla starts $500K fund to find security holes in software


Mozilla is launching a $500,000 fund to review open source software for vulnerabilities hackers might exploit.

Open source software is developed by groups of volunteers. For years, it was believed that with "many eyes" on the code, open source software would not be susceptible to the kinds of devastating bugs that plague conventional software.

That changed in 2014 when the “Heartbleed” bug was found in a popular open source security package known as OpenSSL. Heartbleed was used in an attack on Community Health Systems that stole data on 4.5 million patients.

The $500,000 “Secure Open Source” allotment will go to funding independent reviews of the software to ensure there are no security holes for hackers to exploit.

And because open source is widely used, Mozilla is inviting other companies, educational institutions and government organizations that take advantage of the often-free software “to pay it forward and join the Fund,” the company wrote in a statement.

“Left unattended, these bugs create opportunities for crime and disruption,” said James A. Lewis, senior vice president and director of the Strategic Technologies Program at the Center for Strategic and International Studies. “Mozilla's SOS fund fills a critical gap in cybersecurity by creating incentives to find the bugs in open source and letting people fix them.”