[TheRecord] Google offers $1 million sponsorship to secure open source software

Google has announced today a $1 million sponsorship for a new pilot program aimed at enhancing the security of critical open source software projects.

Named Secure Open Source (SOS), the program will be run by the Linux Foundation with initial sponsorship from the Google Open Source Security Team (GOSST).

Through the program, Google aims to provide sponsorships to project maintainers so they can fund plans and solutions to improve the security posture of their code.

Projects with broad adoption across industries and which play a crucial role in the software ecosystem will be prioritized in receiving funds.

SOS’ initial focus will be on hardening projects against application and supply chain attacks, Google and the Linux Foundation said in a press release today.

Per the project’s official website, SOS reviewers will be looking for solutions for issues such as:

- Software supply chain security improvements, including hardening CI/CD pipelines and distribution infrastructure.
- Adoption of software artifact signing and verification.
- Project improvements that produce higher OpenSSF Scorecard results.
- Use of OpenSSF Allstar and remediation of discovered issues.
- Earning a CII Best Practice Badge.

The value of sponsorships will be determined based on complexity and the impact of the proposed solutions:

- $10,000 or more for complicated, high-impact, and lasting improvements that almost certainly prevent major vulnerabilities in the affected code or supporting infrastructure.
- $5,000-$10,000 for moderately complex improvements that offer compelling security benefits.
- $1,000-$5,000 for submissions of modest complexity and impact.
- $505 for small improvements that nevertheless have merit from a security standpoint.

“This $1 million investment is just the beginning—we envision the SOS pilot program as the starting point for future efforts that will hopefully bring together other large organizations and turn it into a sustainable, long-term initiative under the OpenSSF,” Google said today.

The post Google offers $1 million sponsorship to secure open source software appeared first on The Record by Recorded Future.
