
Communications of the ACM

ACM TechNews

Google to Pay Developers to Make Open Source Projects More Secure


While it does appear similar to a traditional bug bounty program, the SOS Rewards program has a broader perspective and isn't looking to reward specific project vulnerabilities.

Credit: Kingston

Google is investing $1 million in the Linux Foundation's Secure Open Source (SOS) pilot program to make open source projects more secure.

The program will reward developers financially for fortifying software against attacks and correcting potential bugs before they emerge.

Google said the incentives range from $505 for "small improvements" to $10,000 or more for hardening software to prevent major vulnerabilities.

SOS targets initiatives that proactively strengthen critical open source projects and defend infrastructure against application and supply-chain attacks, and intends to close the funding gap for largely voluntary software projects.

According to Google, SOS is "the starting point for future efforts that will hopefully bring together other large organizations and turn it into a sustainable, long-term initiative under the OpenSSF (Open Source Security Foundation)," a cross-industry forum that collaborates on the improvement of open source software security.

From ZDNet


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA

