The Mozilla Foundation has launched a $500,000 fund to improve the security of key open source projects.
The Secure Open Source Fund is intended to "provide security auditing, remediation and verification for key open source software projects", according to Chris Riley, head of public policy, writing on the Mozilla blog.
Riley said that the initial funding, which will cover audits of some of the most widely used code, is just the start and that he hopes other organisations will contribute to the Fund.
"We want to see the numerous companies and governments that use open source join us and provide additional financial support. We challenge these beneficiaries of open source to help secure the internet," Riley said.
Mozilla has already audited three pieces of open source software and discovered 43 bugs, including one critical vulnerability in the C library PCRE.
There is no evidence that closed source software is any more secure than open source (after all, how would anyone know?), but Linus Torvalds' famous saying, "Given enough eyeballs, all bugs are shallow", has taken a bit of a beating in recent years.
The need for improved security in open source was recognised last year by Jim Zemlin, executive director of the Linux Foundation.
"The open source software we all rely on every day in some cases is maintained by a small group of people, or even a single person," he said.
"OpenSSL, for a long time, was maintained by two guys named Steve. That means that the internet for a long period of time was secured by those two guys. OpenSSH, the way to have secure communications between servers, was maintained by one guy working part time."
The Linux Foundation created the Core Infrastructure Initiative (CII) to address these concerns. It is not clear how CII and the Secure Open Source Fund will work together.