The Mozilla Foundation has set up the Secure Open Source (SOS) Fund, whose aim is to help open source software projects get rid their code of vulnerabilities. Projects that want Mozilla’s help must be open source/free software and must be actively maintained, but they have a much better probability to being chosen if the software is commonly used and is vital to the continued functioning of the Internet or the Web.
Three open source projects – PCRE, libjpeg-turbo, and phpMyAdmin – have already gone through the process, and the result was 43 vulnerabilities fixed (including one critical).