[TheRecord] Google offers $1 million sponsorship to secure open source software

Google has announced today a $1 million sponsorship for a new pilot program aimed at enhancing the security of critical open source software projects.

Named Secure Open Source (SOS), the program will be run by the Linux Foundation with initial sponsorship from the Google Open Source Security Team (GOSST).

Through the program, Google aims to provide sponsorships to project maintainers so they can fund plans and solutions to improve the security posture of their code.

Projects that are widely used across industries and play a crucial role in the software ecosystem will be prioritized when funds are awarded.

SOS’ initial focus will be on hardening projects against application and supply chain attacks, Google and the Linux Foundation said in a press release today.

Per the project’s official website, SOS reviewers will be looking for solutions for issues such as:

- Software supply chain security improvements, including hardening CI/CD pipelines and distribution infrastructure.
- Adoption of software artifact signing and verification.
- Project improvements that produce higher OpenSSF Scorecard results.
- Use of OpenSSF Allstar and remediation of discovered issues.
- Earning a CII Best Practice Badge.

The value of each sponsorship will be determined by the complexity and impact of the proposed solution:

- $10,000 or more for complicated, high-impact, and lasting improvements that almost certainly prevent major vulnerabilities in the affected code or supporting infrastructure.
- $5,000-$10,000 for moderately complex improvements that offer compelling security benefits.
- $1,000-$5,000 for submissions of modest complexity and impact.
- $505 for small improvements that nevertheless have merit from a security standpoint.

“This $1 million investment is just the beginning—we envision the SOS pilot program as the starting point for future efforts that will hopefully bring together other large organizations and turn it into a sustainable, long-term initiative under the OpenSSF,” Google said today.

The post Google offers $1 million sponsorship to secure open source software appeared first on The Record by Recorded Future.
