MOSS/Secure Open Source

Revision as of 13:33, 10 May 2016 by Gerv (talk | contribs) (Make more unlaunched)

The Secure Open Source ("SOS") track of MOSS is still under development. When launched, it will support security audits for open source software projects, and remedial work to rectify the problems found.

Project Criteria

SOS has a very limited set of solid rules:

  • The software must be open source/free software, with a license which is OSI-certified and/or FSF-approved
  • The software must be actively maintained

Selection Criteria

We have a series of factors we consider when evaluating an application. For example:

  • How commonly used is the software?
  • Is the software network-facing or does it regularly process untrusted data?
  • How vital is the software to the continued functioning of the Internet or the Web?
  • Does the software depend on closed-source code, e.g. in a web service?
  • Are the software’s maintainers aware of and supportive of the application for support from SOS?
  • Has the software been audited before? If so, when and how extensively? Was the audit made public? If so, where?
  • Does the software have existing corporate backing or involvement?

The answers to such questions are often not “yes” or “no”, but matters of degree, and so Mozilla will take the entire picture into account when assessing projects.

How To Apply

At this time, candidates for a Secure Open Source award are chosen by Mozilla; there is no public application process. If you have a suggestion for a project which you think meets the criteria above, and where an audit might particularly benefit the project and the Internet community, please email Gerv.