MOSS/Secure Open Source: Difference between revisions
Revision as of 16:07, 6 June 2016
The Secure Open Source ("SOS") track of MOSS supports security audits for open source software projects, and remedial work to rectify the problems found.
You can read about the audits we've completed so far.
Project Criteria
SOS has a very limited set of solid rules:
- The software must be open source/free software, with a license which is OSI-certified and/or FSF-approved
- The software must be actively maintained
Selection Criteria
We have a series of factors we consider when evaluating an application. For example:
- How commonly used is the software?
- Is the software network-facing or does it regularly process untrusted data?
- How vital is the software to the continued functioning of the Internet or the Web?
- Does the software depend on closed-source code, e.g. in a web service?
- Are the software’s maintainers aware of and supportive of the application for support from SOS?
- Has the software been audited before? If so, when and how extensively? Was the audit made public? If so, where?
- Does the software have existing corporate backing or involvement?
The answers to such questions are often not “yes” or “no”, but matters of degree, and so Mozilla will take the entire picture into account when assessing projects.
How To Apply
At this time, candidates for a Secure Open Source award are chosen by Mozilla. If you have a suggestion for a project which you think meets the criteria above, and where an audit might particularly benefit the project and the Internet community, please fill in this form (https://docs.google.com/forms/d/1f0xSg9XM8v7YGdZ_FzeE67ggckbAsg6sH1mpQ4buTQE/viewform).
If you have questions, please feel free to contact us, sosfund at mozilla dot com.