Google has pledged $1 million to the Linux Foundation’s new project, which aims to improve the security of critical open-source projects.
Google’s latest investment, which is part of the company’s $10 billion pledge to President Biden’s cybersecurity initiative, aims to address potential security issues before they become bugs by improving software hardening against attacks.
The Linux Foundation’s pilot program, dubbed Secure Open Source (SOS), “financially rewards developers for improving the security of critical open-source projects.”
Members of the Google Open Source Security Team, who revealed the amount, said: “We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback.”
According to a Google blogger, awards range from $10,000 or more for hardening software in a way that prevents big bugs down to $505 for minor enhancements that have value.
For moderately complicated innovations that deliver compelling security benefits, awards of $5,000 to $10,000 are offered, while incentives of $1,000 to $5,000 are available for solutions of “modest complexity and impact.”
The goal of the initiative is to fund work that proactively hardens essential open-source projects and supporting infrastructure against application and supply-chain attacks. Another issue that Google is aiming to solve with SOS is the funding gap for open-source software projects that are mostly managed on a volunteer basis.
Google maintained that the program aims to address security issues, noting that: “The SOS program is part of a larger effort to address a rising reality: the world relies on open source software, but widespread support and financial donations are required to maintain that software safe and secure.”
“We see the SOS pilot program as a springboard for future efforts that will ideally bring together other significant enterprises and transform it into a long-term, sustainable OpenSSF venture.”