Google Commits $1 Million in Funding to the Secure Open Source Program

The pilot program, Secure Open Source, has received major funding from Google.

The Secure Open Source program, established by The Linux Foundation, financially rewards developers for enhancing the security of crucial open-source projects that businesses and individuals depend upon.

According to the SOS Rewards site, the project "rewards a very broad range of improvements that proactively harden critical open source projects and supporting infrastructure against application and supply chain attacks." 

SOS won't apply to all open source projects. According to the Linux Foundation, the criteria for critical projects are being informed by the cybersecurity Executive Order issued by the Biden administration in May, and by guidance from NIST.

The security improvements that qualify include software supply chain security improvements (including hardening CI/CD pipelines and distribution infrastructure), adoption of software artifact signing and verification, project improvements that produce higher OpenSSF Scorecard results, use of OpenSSF Allstar and remediation of the issues it discovers, and earning a CII Best Practices Badge.

The Linux Foundation also indicated it would consider the impact of a project, as well as its ranking in the Harvard Census II study of the most-used packages, and will require a minimum OpenSSF Criticality Score of 0.6.

To submit your project to the SOS program, fill out the Secure Open Source Reward Submission form.

10/04/2021
