Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Mozilla's new fund will prevent the next Heartbleed, Shellshock

Fahmida Y. Rashid | June 30, 2016
Mozilla's SOS Fund will pay for software audits to uncover serious vulnerabilities in open source software before they become problems

No one expects software applications to be free of vulnerabilities. But there's a big difference between looking for and fixing obvious flaws before going to production, and simply shipping with known flaws because it would take too much time to try to fix. Since software can't be bug-free, it's only reasonable that software be regularly updated so that vulnerabilities can be fixed.

While it's possible to look for and fix vulnerabilities internally within the team, audits help teams tap into security expertise outside the project to help find issues.Veracode's latest State of Software Security Report found that most applications submitted for software assessment have less than a 45 percent pass rate, and nearly three out of four applications produced by third-party software vendors and SaaS suppliers fail the OWASP Top 10 when initially assessed.

"We all rely on open source software," Mozilla said in the blog post. "We hope this is only the beginning."

Source: Infoworld 


Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.