The MoodleNet team is delighted to announce that we have been awarded a Mozilla Open Source Support (MOSS) grant. We pitched for this at the recent Mozilla Festival, and the judges were impressed enough to award us $5,000 to help us perform a privacy and security audit of MoodleNet.
Creating a decentralised platform for MoodleNet is important to our goal of creating an open, safe, connected solution that can be installed and run by any organisation. Doing so, however, increases what security professionals call the ‘attack surface’ of the software environment. We are delighted to not only have a grant from Mozilla to help with this, but also access to their community of talented technologists.
Our plan is to create a series of ‘bounties’ for security testing MoodleNet. This is a proven method for incentivising ethical hackers to disclose privacy and security vulnerabilities in software products and platforms. Using this method, we hope, will not only increase the reliability of our systems, but also help increase trust in open source and federated solutions.
“Thanks to Mozilla for their MOSS initiative, and for their grant towards security testing of MoodleNet. It’s a pleasure to be involved and our team is using it as effectively as we can.” (Martin Dougiamas, Moodle CEO)
We’re still reviewing which platform to use for our security bounty programme, but you can see how organisations and projects such as WordPress, Brave and Discourse use such platforms to improve the quality of their products.
If you’re interested in helping out with this programme and potentially receiving a cash reward for your efforts, there are a number of things you can do:
- Review our code (warning, it’s still under heavy development!)
- Read about our approach in more detail
- Subscribe to the “MoodleNet security and privacy testing” Telegram channel for updates
Finally, if you have any suggestions for how we could set up this privacy and security testing programme for even greater success, we’d like to hear from you. Either add a comment below, or get in touch with us directly via email : firstname.lastname@example.org