Google has pledged $1 million to fund a new open source security project hosted by the Linux Foundation.
Called the Secure Open Source (SOS) Rewards program, this pilot project aims to improve the security of critical open source apps by providing qualified developers with monetary rewards of $10,000 or more for security-related work.
“SOS actively strengthens critical open source projects and rewards a very wide range of improvements to support infrastructure against applications and supply chain attacks,” Meder Kydyraliev and Kim Lewandowski of Google’s open source security team said in a blog post.
“To complement existing programs that reward vulnerability management, to support project developers, the scope of SOS is relatively broad in the types of work that will be rewarded.”
Google’s open source security team has started with a $1 million investment and plans to expand the scope of the program based on community feedback.
SOS rewards start at $505 for “small improvements, despite the benefits from a security perspective.” Solutions that demonstrate “moderate complexity and impact” are rewarded between $1,000 and $5,000, and developers can receive $5,000 to $10,000 for “moderately complex improvements that provide attractive security benefits.”
Google is offering over $10,000 for complex and influential improvements that prevent critical bugs in the affected code and support infrastructure.
SOS does not apply to all open source applications. Eligibility criteria are based on guidelines established by the National Institute of Standards and Technology. The Linux Foundation said it would consider the impact of the project, the importance of security improvements, and the types of users affected by the improvements.
SOS also considers project rankings in the Harvard 2 Census for the most used packages.
Google’s latest investment is part of a recently announced $10 billion pledge to cybersecurity defense, made after a meeting with President Joe Biden in August.
The meeting was held to discuss how the public and private sectors can work together to improve cybersecurity in critical US infrastructure and supply chains.
The president has urged business leaders to “raise the bar for cybersecurity” and has taken further steps to address the growing threat of cyberattacks on the US economy.
Google said it will invest more than $10 billion over five years to strengthen cybersecurity. The company also promised to train 100,000 Americans in areas such as data analytics and IT support, and to provide more than 10 million Americans with basic to advanced digital skills training over the next two years.
Last month, Google also announced support for the Open Source Technology Improvement Fund (OSTIF) to sponsor security reviews of projects that are essential to the open source ecosystem.