Google is offering $1 million to secure open source software

Move further underlines importance of open source software in global supply chains


Google has pledged $1 million in funding to the Linux Foundation’s Secure Open Source (SOS) pilot program, which aims to improve the security of critical open source projects.

The program is part of the tech giant’s recently announced $10 billion commitment to cybersecurity defense, following a meeting with US President Joe Biden in August.

According to a FAQ posted on the website of the SOS Rewards program, while it appears similar to a traditional bug bounty program, SOS Rewards has a broader perspective and isn’t looking to reward the discovery of specific project vulnerabilities.

“SOS rewards a very broad range of improvements that proactively harden critical open source projects and supporting infrastructure against application and supply chain attacks,” further explain members of the Google Open Source Security Team.

Securing the supply chain

The backing for the project comes after it emerged that there’s been a whopping 650% year-over-year increase in supply chain attacks targeting upstream open source public repositories.

The report noted that open source software continues to be an integral part of much critical infrastructure, which also makes it a ripe target for software supply chain attacks.

A few weeks back, Google revealed its financial backing for the Open Source Technology Improvement Fund (OSTIF), to sponsor in-depth security reviews of critical projects vital to the open source ecosystem, as part of OSTIF’s Managed Audit Program (MAP).

This $1 million commitment to the SOS initiative further expands Google’s commitment to helping secure open source software.

According to the program, rewards range from $505 to $10,000 or more depending on the scope and impact of the improvements on the larger community.

“We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback,” assures the Google Open Source Security Team.

Via ZDNet

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
