Google commits $1M to new Linux Foundation open source security rewards program


Google has announced that it's sponsoring a new open source security program hosted by the Linux Foundation. The Secure Open Source (SOS) Rewards pilot program provides financial incentives for developers working on security around critical open source projects.

Open source software plays an integral part in many critical infrastructure and national security systems, yet recent data suggests that "upstream" attacks on open source software have increased in the past year as bad actors seek new ways to infiltrate the software supply chain. Moreover, numerous organizations, from government agencies to hospitals and companies, have been hit by targeted software supply chain attacks, leading President Biden to issue an executive order outlining measures to combat them.

As such, Google recently unveiled a $10 billion five-year commitment to support President Biden's plans to bolster U.S. cyber defenses, including $100 million to fund third-party foundations that support open source security. A few weeks back, Google revealed it was giving financial backing to the Open Source Technology Improvement Fund (OSTIF), with plans to initially sponsor security reviews in eight critical open source software projects. This latest announcement builds on that, with Google now committing $1 million to the SOS Rewards program.

Rewarding

Rewards can range from $505 to $10,000 or more, depending on the scope and significance of the project in terms of industry adoption and the potential impact the enhancements will have.

While the SOS Rewards program does bear some similarities to a standard bug bounty program, SOS Rewards is different in that it isn't looking to reward specific project vulnerability discoveries and fixes. Instead, it's about supporting "project-wide enhancements and the implementation of open source security best practices," according to the project's FAQ section.

For now, only representatives from Google's open source security team (GOSST) and the Linux Foundation will sit on the evaluating panel, though plans are afoot to extend membership to other organizations in the future.
