Google pledged $ 1 million in funding to the Linux Foundation Open source secure (SOS), which aims to improve the safety of Open source projects.
The program is part of the program recently announced by the tech giant $ 10 billion commitment To cybersecurity defense, following a meeting with US President Joe Biden in August.
According to a Faq Posted on the SOS Rewards program website, although it looks like a traditional bug bounty program, the SOS Rewards program has a broader perspective and does not seek to reward specific project vulnerabilities.
“SOS recognizes a very broad range of enhancements that proactively strengthen critical open source projects and support infrastructure against application and supply chain attacks.” explain in more detail members of the Google Open Source Security Team.
Securing the supply chain
Support for the project comes after it emerged that there had been a huge 650% increase year over year in supply chain attacks targeting upstream open source public repositories.
The report notes that open source software continues to be an integral part of many critical infrastructures, which also makes it an ideal target for software supply chain attacks.
A few weeks ago, Google revealed its financial support for the Open Source Technology Improvement Fund (OSTIF), for sponsor in-depth security reviews critical projects vital for the open source ecosystem, as part of OSTIF’s Managed Audit Program (MAP).
This million-dollar commitment to the SOS initiative further expands Google’s commitment to help secure open source software.
Depending on the program, rewards range from $ 505 to $ 10,000 or more depending on the scope and impact of the improvements on the community as a whole.
“We are starting with a million dollar investment and plan to expand the scope of the program based on community feedback,” said Google’s open source security team.
Going through ZDNet