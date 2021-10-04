



Google has announced that it is sponsoring a new open source security program hosted by the Linux Foundation. The Secure Open Source (SOS) Rewards pilot program provides financial incentives for developers working on the security of critical open source projects.

Open source software is an integral part of many important infrastructures and national security systems, but recent data shows that malicious actors are looking for new ways to break into the software supply chain, and suggests that upstream attacks on open source software have increased over the past year. In addition, countless organizations, from government agencies to hospitals and businesses, have been hit by targeted software supply chain attacks, and President Biden has issued an executive order outlining measures to combat them.

That’s why Google recently supported President Biden’s plans to strengthen U.S. cyber defenses, announcing a five-year commitment that includes a $100 million pledge to fund a third-party foundation that supports open source security. A few weeks ago, Google revealed that it was providing financial support to the Open Source Technology Improvement Fund (OSTIF), initially planning to sponsor security reviews of eight key open source software projects. This latest announcement builds on that, and Google is currently committing $1 million to the SOS Rewards program.

Rewarding

Rewards can vary from $505 to over $10,000, depending on the scope and importance of the project to the industry and the potential impact of the improvements.

Although the SOS Rewards program has some similarities to traditional bug bounty programs, it differs in that it is not aimed at rewarding the discovery of vulnerabilities in a particular project, but at supporting improvements to the project as a whole, such as changes that implement open source security best practices. According to the FAQ section of the project.

For now, only representatives from Google’s Open Source Security Team (GOSST) and the Linux Foundation will participate in the evaluation panel, but plans are underway to extend membership to other organizations in the future.

