12 comments

[ 29.8 ms ] story [ 711 ms ] thread
Like folks giving money to open source projects? You should apply for a Mozilla OSS award (https://wiki.mozilla.org/MOSS) -- deadline is July 31!
First it seems to be for any kind of open source:

    Mission Partners

    The Mission Partners track is open to any free software / open source project
    that significantly furthers Mozilla’s mission to ensure the Internet is a
    global public resource, open and accessible to all.
But later on it specifies something that aligns quite well with Mozilla's principles:

    Activities which are not sufficient for an award on their own include:

       Writing open source software (notwithstanding manifesto principle #7)
       Building something cool with web technologies
       Translating open source software into another language
And it should be endorsed by someone well-known:

    The specific project activity should be endorsed (on the application form) by someone well-known [...]
Which... is quite hard and not just any kind of open source project. It seems you have to be high profile already to even opt for it, then do something along Mozilla's main principles.
Please insert your comments saying how this is bad or not enough below. Let's gather the negativity in a single place.
Seriously? You're like the first post. There is no negativity...
They're making fun of the overly negative comments that take over every thread about companies doing something seemingly good. It was my first thought as well: "let's see how HN twists this into something bad".
The best way to combat negativity is constructive discussion, not snarky unwarranted comments.
(comment deleted)
I'm surprised their donating this amount. I mean as far as I know they are VC funded and atm don't make a profit? Or am I mixing things up here?
They are, but they also host any OSS project for free, which is the only reason I know about the brand "GitHub". I think you severely underestimate how valuable that mindshare can be. Also, they depend heavily on products which depend on OSS projects for their product.

It only makes sense that GitHub would want to reinvest in security for their own supply chain. The only problem is that most other companies don't do enough of the same.

I wondered for a moment if this could incentive developers to introduce bugs for their friends to "find," but then I remembered that hackers are already incentivized a lot more to sneak vulnerabilities into FOSS.
IMHO that would be a legitimate use of the award. If your review and merge process is bad enough that somebody can get malicious code into your releases, then that's a serious bug in your process, and whoever proved that it's there deserves the bounty just as much as someone who found an ordinary bug.