Google announces 100 million yen in funding for an 'open source software support program', says 100 million yen is 'just the beginning'



On October 1, 2021, Google announced that it would contribute $1 million to a program that rewards people who improve the security of open source software.

Google Online Security Blog: Introducing the Secure Open Source Pilot Program

https://security.googleblog.com/2021/10/introducing-secure-open-source-pilot.html

Google has invested heavily in the development and security of open source software. In August 2021 it announced an investment totaling $10 billion (about 1.1 trillion yen), including $100 million in support for open source security efforts.

Google promises 1 trillion yen security measures and Microsoft promises 2 trillion yen security measures to build a new framework --GIGAZINE



Following these efforts, Google announced on its official blog on October 1 that it will contribute $1 million to the Linux Foundation's Secure Open Source (SOS) pilot program. Explaining why it chose to fund SOS, Google said, 'SOS rewards a very wide range of improvements to proactively protect critical open source software and the infrastructure that underpins it from attacks. To complement existing programs that reward vulnerability management, SOS's support covers a relatively wide range of tasks,' stressing that broad coverage was important.

Because SOS support is wide-ranging, the projects eligible for rewards are selected based on their overall content and impact. In general, they are selected according to the guidelines (PDF file) that the US National Institute of Standards and Technology established based on the 'Presidential Executive Order on Cybersecurity', and the following criteria.
・The number and types of users who will benefit from increased security.
・How large an impact does the project have on infrastructure and user security?
・The severity and scope of the impact if the project were compromised.
・Is the target of the improvement listed in Census Program II, which evaluates vulnerabilities in free software and similar projects? Or does the open source project have an OpenSSF Criticality Score of 0.6 or higher?



In addition, the amount of the bounty will be determined as follows, depending on the impact and complexity of the project.
・$10,000 or more for complex, influential, and lasting improvements that can almost certainly prevent critical vulnerabilities in affected code and supporting infrastructure.
・$5,000 to $10,000 for improvements with large security benefits and moderate complexity.
・$505 (about 56,000 yen) for small-scale improvements that are nonetheless beneficial from a security perspective.

For details on how to apply for the program, please refer to the SOS FAQ. Regarding future developments, Google said, 'SOS is part of a wide range of efforts to solve the current situation where the world depends on open source software but needs extensive support and funding to keep it secure. So this $1 million spending is just the beginning. We see the SOS pilot program as a starting point for future efforts, involving other large organizations and developing into a sustainable and long-term movement. We look forward to that,' showing its willingness to further expand the framework of support in the future.

in Software, Security, Posted by log1l_ks