Google Pledges $1 Million in Secure Open Source Program
Google has committed $1 million in funding to the Secure Open Source (SOS) pilot program established by the Linux Foundation, and the company’s investment might not end there.
“This program financially rewards developers for improving the security of critical open source projects that we all depend on,” Google said. “We are starting with a $1 million investment and plan to expand the reach of the program based on community feedback.”
Rewards start at $505 for “small improvements that still have merit from a security perspective” and can go up to $10,000 for “complicated, high-impact, and long-lasting improvements that almost certainly prevent major vulnerabilities in the affected code or supporting infrastructure”.
SOS will not apply to all open source projects. The Linux Foundation said its criteria for critical projects were informed by the executive order on improving the nation’s cybersecurity released in May and corresponding guidelines from the National Institute of Standards and Technology.
The foundation also said it would take into account the impact of the project, such as the importance of its security infrastructure and the number of users it affects, as well as its ranking in the Harvard 2 Census Study of most used packages and a minimum OpenSSF critical score of 0.6.
Google and the Linux Foundation said efforts to improve open source security wouldn’t end there:
The SOS program is part of a larger effort to address a growing truth: The world relies on open source software, but widespread support and financial contributions are needed to keep such software secure. This million dollar investment is just the start. We envision the SOS Pilot Program as the starting point for future efforts that will hopefully bring other large organizations together and make it a long-term, sustainable initiative under the OpenSSF.
More information on how the SOS pilot program works is available on its official website. Developers who believe their contributions to a project are eligible for reward through the program can submit their work through a Google Form (how else?) for review “on an ongoing basis”.