Google has announced that it’s sponsoring a new open source security program hosted by the Linux Foundation. The Secure Open Source (SOS) Rewards pilot program provides financial incentives for developers working on security around critical open source projects.
Open source software is an integral part of many critical infrastructure and national security systems, and recent data suggests that attacks on open source software have increased in the last year.
Google plans to start with a $1 million investment to financially reward developers for enhancing the security of critical open source projects. This comes after Google’s previous $10 billion commitment to open source security.
We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback.
Google Open Source Security Team (GOSST)
The decision to compensate developers for their efforts will be based on the guidelines established by the National Institute of Standards and Technology (NIST) arm of the U.S. Department of Commerce in response to the recent executive order on cybersecurity issued by the Biden administration.
Secure Open Source Program Rewards
Rewards will be determined by the complexity and impact of the work, ranging from $10,000 or more for complicated, high-impact and lasting improvements that almost certainly prevent major vulnerabilities, to $505 for small improvements that have merit from a security standpoint.
For moderately complicated innovations that deliver compelling security benefits, awards of $5,000 to $10,000 are offered, while incentives of $1,000 to $5,000 are available for solutions of modest complexity and impact.
Upfront funding is available on a limited basis for impactful improvements of moderate to high complexity over a longer time span. Such requests should be accompanied by a detailed plan of how the improvements will be delivered.
Developers who wish to participate in the SOS program should visit the FAQ page and fill out the Secure Open Source submission form.