Google pledges $1 million to protect open source software



Google has pledged to fund a new open source security project hosted by the Linux Foundation to the tune of $1 million.

Called the Secure Open Source (SOS) Rewards program, this pilot project aims to improve the security of critical open source applications by providing qualified developers with monetary rewards of $10,000 or more for security-related work.

“SOS actively strengthens critical open source projects and rewards a very wide range of improvements to support infrastructure against applications and supply chain attacks,” said Meder Kydyraliev and Kim Lewandowski of Google's open source security team in a blog post.

“To complement existing programs that reward vulnerability management, to support project developers, the scope of SOS is relatively broad in the types of work that will be rewarded.”

Google’s open source security team started with a $1 million investment and plans to expand the reach of the program based on community feedback.

SOS rewards start at $505 for “small improvements, despite the security benefits.” Solutions that demonstrate “moderate complexity and impact” are rewarded with between $1,000 and $5,000, and developers can receive between $5,000 and $10,000 for “moderately complex enhancements that provide compelling security benefits.”

Google is offering over $10,000 for complex and influential improvements that prevent critical bugs in affected code and supporting infrastructure.

SOS does not apply to all open source applications. The eligibility criteria are based on guidelines established by the National Institute of Standards and Technology. The Linux Foundation said it will look at the impact of the project, the importance of the security improvements and the types of users affected by the improvements.

SOS also takes into account the ranking of projects in the Harvard 2 census for the most used packages.

Google’s latest investment is part of a recently announced $10 billion commitment to cybersecurity defense, made after meeting with President Joe Biden in August.

The meeting aimed to discuss how the public and private sectors can work together to improve cybersecurity in critical infrastructure and supply chains in the United States.

The president urged business leaders to “raise the bar on cybersecurity” and took further steps to address the growing threat of cyberattacks against the US economy.

Google has announced that it will invest more than $10 billion over five years to strengthen cybersecurity. The company has also promised to train 100,000 Americans in areas such as data analytics and IT support, and to provide more than 10 million Americans with basic to advanced digital skills training over the next two years.

Last month, Google also announced its support for the Open Source Technology Improvement Fund (OSTIF) to sponsor security reviews of projects critical to the open source ecosystem.


