New Mozilla fund will pay for security audits of open-source code
A new Mozilla fund, called Secure Open Source, aims to provide security audits of open-source code, following the discovery of critical security bugs like Heartbleed and Shellshock in key pieces of the software.
Mozilla has set up a US$500,000 initial fund that will be used for paying professional security firms to audit project code. The foundation will also work with the people maintaining the project to support and implement fixes and manage disclosures, while also paying for the verification of the remediation to ensure that identified bugs have been fixed.
The initial fund will cover audits of some widely-used open source libraries and programs.