Google new Linux Foundation open source security rewards program

has announced that it's sponsoring a new open source security program hosted by the Foundation. The Secure Open Source (SOS) Rewards pilot program provides financial incentives for developers working on security around critical open source projects.

Open source software plays an integral part of many critical infrastructure and national security systems, however recent data suggests that “upstream” attacks on open source software have increased in the past year as bad actors seek new ways to infiltrate the software supply chain. Moreover, countless organizations — from government agencies to hospitals and corporations — have been hit by targeted software supply chain attacks, leading President Biden to issue an executive order outlining measures to combat it.

As such, Google recently unveiled a $10 billion five-year commitment to support President Biden's plans to bolster U.S. cyber defenses, including a $100 million wedge to fund third-party foundations that support open source security. A few weeks back, Google revealed it was giving financial backing to the Open Source Technology Improvement Fund (OSTIF), with plans to initially sponsor security reviews in eight critical open source software projects. This latest announcement builds on that, with Google now committing $1 million to the SOS Rewards program.

SOS Rewards

Rewards can vary from $505 to $10,000 or more depending on the scope and significance of the project in terms of industry adoption and the potential impact the improvements will have.

While the SOS Rewards program does bear some similarities to a traditional bug bounty program, SOS Rewards is different in that it isn't looking to reward specific project vulnerability discoveries and fixes — it's about supporting “project-wide improvements and the implementation of open source security best practices,” according to the project's FAQ section.

For now, only representatives from Google's open source security team (GOSST) and the Linux Foundation will sit on the evaluating panel, though plans are afoot to extend membership to other organizations in the future.

You might also like

Comments are closed.