How Mozilla's Secure Open Source Fund Acts As Best Of The Security Testing Tools To Strengthen Open Source Security
We all know Mozilla for its great work in software development. Some of the applications we use daily are actually built by Mozilla, including Firefox, one of the most common web browsers, and the email client Thunderbird. Mozilla has now taken a step further to act as one of the best security testing tools for strengthening open source security, through a fund called "Secure Open Source", a.k.a. SOS.
What Is Secure Open Source "SOS" Fund? Why The Need Of Open Source Security?
Recently there have been some serious vulnerabilities in widely used open source projects. Since then, many additional steps have been taken to avoid such vulnerabilities and enhance open source security. Mozilla's Secure Open Source fund acts like a security testing tool for open source projects that want to undergo an audit.
Mozilla's SOS fund supports security audits of open source software projects. Shouldn't it be called an open source vulnerability scanner? Ya! And it's free once the candidate project's application is approved. It surely enhances open source security.
We've already seen some widespread vulnerabilities recently that left a mark on open source projects, but thanks to the massive number of people who, as always, quickly solved the issues. Through the SOS fund, the selected open source projects are audited and examined for vulnerabilities. Any vulnerability found is then fixed.
Is It One Of Many Security Testing Tools?
Surely it's not, but it acts like one. There is an entire procedure for undergoing the audit of an open source project, and there are certain terms, or selection criteria, that a candidate project must meet to be audited. When I say security testing tool, it does not mean that you upload your code and Mozilla scans it immediately and provides you with a summary of the results.
Mozilla Secure Open Source "SOS" Fund's Selection Criteria
As mentioned above, there are selection criteria that a candidate project must pass before the audit. Obviously the code has to be open source; in addition, factors like the ones below are considered -
So Mozilla will analyse the project based on factors like those mentioned above to enhance open source project security.
How To Apply For This Open Source Security Audit?
When a software company like Mozilla offers such an important opportunity to enhance open source security, there has to be a quick way to apply.
Here is a link to the application form that you can fill in and submit to become a candidate.
Open Source Projects That Have Undergone This Open Source Security Audit
Some projects have already applied, passed the selection and undergone the audit. These are three popular projects, namely PCRE, libjpeg-turbo and phpMyAdmin.
PCRE (Perl-Compatible Regular Expressions) is a C library for implementing regular expressions in a codebase.
libjpeg-turbo is a fork of the libjpeg codebase that is particularly focused on speed, and on compatibility with the most commonly used standard profiles of JPEG.
phpMyAdmin is a web-based administration tool for MySQL databases.
The audit found a total of 43 vulnerabilities across these three projects, including 1 Critical, 1 High, 10 Medium, 27 Low and 4 Informational level vulnerabilities.