Google announces funding for a 100 million yen 'open source software support program', 100 million yen is 'still the beginning'
On October 1, 2021, Google announced that it would offer $ 1 million to a program that rewards contributors to the safety of open source software.
Google Online Security Blog: Introducing the Secure Open Source Pilot Program
Google has invested heavily in the development and safety of open source software, with a total of 10 billion in August 2021 including $ 100 million in support for the open source security measures business. Announced investment of dollar (about 1.1 trillion yen).
Google promises 1 trillion yen security measures and Microsoft promises 2 trillion yen security measures to build a new framework --GIGAZINE
by Blue Coat Photos
Following these efforts, Google announced on its official blog on October 1 that it will contribute $ 1 million to the Linux Foundation's Secure Open Source (SOS) pilot program. Google chose SOS as its investee, saying, 'SOS rewards a very wide range of improvements to proactively protect critical open source software and the infrastructure that underpins it from attacks. ) To complement existing programs that reward sexuality, SOS's support covers a relatively wide range of tasks, 'he said, explaining that wide frontage was important.
Since the target of SOS support is wide-ranging, the projects for which the incentive will be paid are selected based on the overall contents and impacts, but generally based on the 'Presidential Decree on Cyber Security ', the National Institute of Standards and Technology of the United States It is selected according to the established (PDF file) guidelines and the following criteria.
· The number and types of users who will benefit from increased security.
-How big has it affected infrastructure and user security?
-The range of seriousness and impact if the project falls into a crisis.
-Is the improved vulnerability specified in the Census Program II , which evaluates vulnerabilities such as free software? Or is a similar open source project OpenSSF Critically Score given a critically score of 0.6 or higher?
In addition, the amount of the bounty will be determined as follows, depending on the impact and complexity of the project.
$ 10,000 or more for complex, influential, and lasting improvements that can almost certainly prevent critical vulnerabilities in affected code and supporting infrastructure.
・ Improvements with large curity benefits and moderate complexity are $ 5,000 to $ 10,000.
・ $ 505 (about 56,000 yen) for small-scale but beneficial improvements from a security perspective.
For details on how to apply for the program, please refer to the SOS FAQ. Google says about future developments 'SOS is part of a wide range of efforts to solve the current situation where the world depends on open source software but needs extensive support and funding to keep it secure. So this $ 1 million spending is just the beginning. We see the SOS pilot program as a starting point for future efforts, involving other large organizations and developing into a sustainable and long-term movement. I look forward to doing so, 'he said, showing his willingness to further expand the framework of support in the future.
Related Posts: