Google has pledged $1 million in funding to the Linux Foundation’s Secure Open Source (SOS) pilot program, which aims to improve the security of critical open source projects.
The program is part of the tech giant's recently announced $10 billion commitment to cybersecurity defense, following a meeting with US President Joe Biden in August.
According to a FAQ posted on the website of the SOS Rewards program, while it does appear similar to a traditional bug bounty program, the SOS Rewards program has a broader perspective and isn’t looking to reward specific project vulnerabilities.
“SOS rewards a very broad range of improvements that proactively harden critical open source projects and supporting infrastructure against application and supply chain attacks,” members of the Google Open Source Security Team further explain.
Securing the supply chain
The backing for the project comes after it emerged that there’s been a whopping 650% year over year increase in supply chain attacks targeted towards upstream open source public repositories.
The report noted that open source software continues to play an integral part in much critical infrastructure, which also makes it a ripe target for software supply chain attacks.
A few weeks back, Google revealed its financial backing for the Open Source Technology Improvement Fund (OSTIF), to sponsor in-depth security reviews of critical projects vital to the open source ecosystem, as part of OSTIF’s Managed Audit Program (MAP).
This $1 million commitment to the SOS initiative further expands Google’s commitment to helping secure open source software.
According to the program, rewards range from $505 to $10,000 or more depending on the scope and impact of the improvements on the larger community.
"We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback," assures the Google Open Source Security Team.
Via ZDNet