Google Makes a $1 Million Donation to Protect Open Source Program


The pilot initiative, designed to supplement existing vulnerability management programs, pays developers who help improve the security of critical open-source projects.

As part of its commitment to improving the security of the open-source ecosystem, the Internet search giant has pledged $100 million in support of foundations and initiatives that work to fix vulnerabilities in open-source projects. Google announced support for the Open Source Technology Improvement Fund (OSTIF) a few weeks ago.

Seeded with $1 million, the Secure Open Source (SOS) Rewards pilot has a broader reach than conventional bug bounty programs: rather than paying for individual vulnerability reports, it rewards developers for a range of changes that strengthen the security of critical open-source projects.

According to Google, submitted projects will be judged critical using the guidance the National Institute of Standards and Technology (NIST) produced in response to the recent Executive Order on Cybersecurity.

Other factors include the project’s impact (how many users are affected, the consequences for infrastructure and user security, and what happens if the project fails) and its ranking in open-source criticality research, such as the OpenSSF Criticality Score project and the Harvard Census II study of the most widely used packages.

Initially, rewards will go to software supply chain security improvements: hardening CI/CD pipelines and distribution infrastructure, changes that raise a project’s OpenSSF Scorecard results, adoption of software artifact signing and verification, use of OpenSSF Allstar and remediation of the issues it flags, and earning a CII Best Practices Badge.
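To make the CI/CD hardening and Scorecard items above concrete, here is an added example written for this page (it is not configuration from Google, OpenSSF or any rewarded project): a GitHub Actions release workflow in a common weak form, followed by a hardened version of the same job. The repository layout, the `publish.sh` script, and the all-zero commit SHAs are placeholders; in a real workflow each action is pinned to the full 40-hex SHA of the release you audited.

```yaml
# Added example, not from the original article. Two YAML documents: the weak
# workflow first, then the hardened one. Paths and SHAs are placeholders.

# --- Before: the pattern OpenSSF Scorecard flags ---
name: release
on:
  pull_request_target:            # runs with the repository's write token on untrusted PRs
jobs:
  build:
    runs-on: ubuntu-latest        # no permissions block: default GITHUB_TOKEN may be read/write
    steps:
      - uses: actions/checkout@v4  # floating tag, mutable upstream (Pinned-Dependencies check)
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # checks out contributor-controlled code
                                                           # into a privileged job (Dangerous-Workflow check)
      - uses: actions/setup-go@v5
      - run: go build -o dist/tool ./... && ./scripts/publish.sh   # publishing is reachable from a PR
---
# --- After: least privilege, hash-pinned actions, signed artifact ---
name: release
on:
  push:
    tags: ['v*']                  # only maintainer-pushed tags trigger a release
permissions: {}                   # deny by default at workflow level (Token-Permissions check)
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read              # the job only needs to read the repository
      id-token: write             # required for keyless (OIDC) signing with sigstore cosign
    steps:
      # Pin by commit SHA; the trailing comment records the tag the SHA was taken from.
      - uses: actions/checkout@0000000000000000000000000000000000000000  # v4, placeholder SHA
      - uses: actions/setup-go@0000000000000000000000000000000000000000  # v5, placeholder SHA
      - run: go build -o dist/tool ./...
      - uses: sigstore/cosign-installer@0000000000000000000000000000000000000000  # placeholder SHA
      # Keyless signing: the certificate binds the signature to this workflow's OIDC identity.
      - run: cosign sign-blob --yes --bundle dist/tool.bundle dist/tool
      - uses: actions/upload-artifact@0000000000000000000000000000000000000000  # v4, placeholder SHA
        with:
          name: release
          path: dist/
```

Downstream consumers then verify the artifact with `cosign verify-blob --bundle dist/tool.bundle --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity <workflow URL> dist/tool`, which ties the binary to the workflow identity rather than to a long-lived key that could leak. The three changes map directly onto Scorecard's Token-Permissions, Pinned-Dependencies and Dangerous-Workflow checks, which is the kind of measurable improvement the SOS program says it will pay for.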

Only work completed after October 1, 2021 is eligible for SOS rewards. Google adds that upfront funding may be granted case by case for meaningful improvements of moderate to high complexity that will take longer to deliver.

Under the pilot, developers can receive $10,000 or more for complicated, high-impact fixes that prevent major vulnerabilities; $5,000 to $10,000 for moderately complex improvements; $1,000 to $5,000 for submissions of modest complexity; and $505 for small improvements.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.