Google announced on October 1 that it was giving away $1 million to a program that rewards programs that contribute to the safety of open source software.
Google is making significant investments in the advancement and safety of its open source software, and in August 2021 it announced a $10 billion investment in its open source security business, including a $100 million grant. Following these efforts, Google announced on its official blog on October 1 that it would donate $1 million to the Secure Open Source (SOS) pilot program run by the Linux Foundation.
As for its reason for investing in SOS, Google said that SOS is making various improvements to actively protect important open source software, and the infrastructure that supports it, from attacks. The program is stated to apply to a relatively wide range of tasks.
SOS support targets are selected from various fields based on the content and impact of the projects that receive rewards, but are usually selected based on guidelines and standards established by the National Institute of Standards and Technology in accordance with the Presidential Decree on cyber security. The criteria are the number and type of users who will benefit from the improved security, how large the impact on infrastructure and user security is, and the severity and scope of the impact if the project is in crisis. In addition, importance is given to whether the project being improved is designated in a free software or other vulnerability evaluation (Census Program II), or, as a similar open source project, has an OpenSSF Criticality Score of 0.6 or higher.
The amount of compensation depends on the impact and complexity of the project. Complex, high-impact, continuous improvements that almost certainly prevent critical vulnerabilities in the affected code and supporting infrastructure are rewarded with more than $10,000. Moderately complex improvements with large security benefits are rewarded with between $5,000 and $10,000, and small-scale security improvements with $505.
Google said SOS is part of an effort to address a situation in which the open source software that the world relies on requires extensive funding and support to keep it safe. As such, this $1 million is only the beginning, Google said, and it expects the SOS pilot program to develop into a sustainable, long-term movement that leads other large organizations, with different starting points, in future efforts.