The Linux Foundation and allies will pay developers to help secure Linux and open-source software programs. Here's how the process works, and how you can get involved.
Linux and open-source software are much easier to secure than proprietary software. As open-source co-founder Eric S. Raymond pointed out with Linus' law: "Given enough eyeballs, all bugs are shallow." But it requires eyeballs looking for bugs in the first place to make it work. Jim Zemlin, the Linux Foundation (LF)'s executive director, said in the aftermath of the Heartbleed and Shellshock security fiascos: "In these cases, the eyeballs weren't really looking."
To help remedy this, David A. Wheeler, the LF's director of Open Source Supply Chain Security, recently revealed that the LF or its related foundations and projects directly fund people to do security work. Here's how it works.