Google’s love for open-source projects is definitely worth applauding. The California-based tech giant has recently announced its $1 million sponsorship for the Secure Open Source (SOS) pilot program managed by the Linux Foundation.
Not long ago, Google committed $100 million to support third-party foundations fixing security issues in open-source software. So, this sounds like another step in the right direction.
Improving the Security of Open-Source Projects
The SOS pilot program is a result of an increase in supply chain attacks and security issues in open-source projects that impact users at large.
The program aims to reward developers working on improving the security of such open-source projects.
According to the Linux Foundation:
SOS rewards a very broad range of improvements that proactively harden critical open source projects and supporting infrastructure against application and supply chain attacks.
It is worth noting that only certain open-source projects will be considered for the program. While it is tough to list critical open-source projects, the program will follow the National Institute of Standards and Technology’s definition in response to the recent Executive Order on Cybersecurity to decide if a project can be considered eligible.
Overall, a developer who expects a reward will have to evaluate the significance and the impact of an open-source project before working on it.
Specific types of security improvements have been officially listed to be eligible for the reward. Still, depending on the impact of the project and complexity, an unlisted improvement can qualify.
Rewards for Minor Improvements to Critical Fixes
No matter the complexity of the improvement, there are chances that a developer will get rewarded if it makes a significant difference.
Reward amounts range from $505 to $10,000 or more “for complicated, high-impact, and lasting improvements”.
Google, together with the Linux Foundation, has stated that:
The SOS program is part of a broader effort to address a growing truth: the world relies on open source software, but widespread support and financial contributions are necessary to keep that software safe and secure. This $1 million investment is just the beginning—we envision the SOS pilot program as the starting point for future efforts that will hopefully bring together other large organizations and turn it into a sustainable, long-term initiative under the OpenSSF.
Once you’ve gone through all the specifics, you can fill out the form linked below to get started.