EFF Launches Security Vulnerability Disclosure Program
The open source world is increasingly interested in leveraging the community to shore up software security in the wake of embarrassments like Heartbleed.
The EFF initiative, called the Security Vulnerability Disclosure Program, will advocate for online freedom and openness.
The EFF maintains several security tools for protecting users’ privacy. When tools that are designed to protect users’ privacy and security turn out to have flaws, they leave the users with a false sense of security.
The EFF’s Security Vulnerability Disclosure Program is an effort to curtail these risks by encouraging members of the privacy and open source communities to inspect code, as well as particular software configurations, for vulnerabilities.
In this sense, the program falls in line behind similar initiatives introduced over the last couple of years.
The Linux Foundation in April 2014 launched the Open Core Initiative to help fund attention to software security in open source projects.
Last spring, the Foundation took similar steps by building up the Let’s Encrypt project for better browser security.
Taken together, the EFF’s program and these other initiatives help set the open source software world apart from its proprietary counterpart when it comes to security.
Open source programmers are now willing—eager, even—to admit that their code inevitably has flaws.
In fact, they are recognizing that it has so many flaws that they alone cannot identify and fix them all. So groups like the EFF are relying on the community at large to help secure their code.