The Mozilla Open Source Support (MOSS) program awards grants to projects
"that contribute to our work and to the health of the
include SecureDrop, libjpeg-turbo, LLVM, LEAP Encryption
Access Project, and Tokio. There have also been MOSS supported audits of
ntp, ntpsec, curl, and more. "We ran a major joint audit on two codebases, one of which is a fork of the other – ntp and ntpsec. ntp is a server implementation of the Network Time Protocol, whose codebase has been under development for 35 years. The ntpsec team forked ntp to pursue a different development methodology, and both versions are widely used. As the name implies, the ntpsec team suggest that their version is or will be more secure. Our auditors did find fewer security flaws in ntpsec than in ntp, but the results were not totally clear-cut."