
Open source: Google is going to pay developers to make projects more secure

Oct, 04, 2021 Hi-network.com

Google is backing a new Linux Foundation project to the tune of $1 million that aims to bolster the security of critical open-source projects.

Rather than a bug bounty, Google's latest investment, part of its $10 billion pledge to President Biden's cybersecurity push, seeks to address potential security issues before they become bugs, by paying for work that hardens software against attacks.


Dubbed Secure Open Source (SOS), the pilot program run by the Linux Foundation, "financially rewards developers for enhancing the security of critical open-source projects". 


The rewards range from "$10,000 or more" for hardening work that prevents major classes of bugs down to $505 for "small improvements" that still have merit from a security standpoint, according to a Google blog post.

Rewards of between $5,000 and $10,000 are available for "moderately complex improvements that offer compelling security benefits", while rewards of $1,000 to $5,000 are for submissions of "modest complexity and impact".

"We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback," say members of the Google Open Source Security Team.

The program aims to fund work that proactively hardens critical open-source projects, and the infrastructure that supports them, against application-level and supply-chain attacks.

Software supply chains came into focus after the Kremlin-backed cyberattack on US government agencies and tech firms, carried out via a poisoned update to software from enterprise vendor SolarWinds.

SolarWinds wasn't the first supply chain attack. NotPetya, the 2017 ransomware attack that was also blamed on Kremlin-backed hackers and was seeded through a compromised update to the Ukrainian accounting package M.E.Doc, was another example.

European cybersecurity agency ENISA is also worried about software supply chain attacks, urging organizations to vet and document their software suppliers, define the risk each one poses, and monitor their software supply chains.

Open-source software presents another challenge that Google is attempting to address through SOS: the funding gap for projects that are largely run on a voluntary basis. In other words, these projects need money to deliver security.

"The SOS program is part of a broader effort to address a growing truth: the world relies on open source software, but widespread support and financial contributions are necessary to keep that software safe and secure," Google notes. 

"We envision the SOS pilot program as the starting point for future efforts that will hopefully bring together other large organizations and turn it into a sustainable, long-term initiative under the OpenSSF," it adds. 


Google and the OpenSSF, or the Open Source Security Foundation
