Google introduced Secure Open Source (SOS), a program that will pay rewards for work that enhances the security of critical open source software. One million dollars has been allocated for the first payments, and if the initiative is recognized as successful, investment in the project will continue.
The following rewards are offered:
- $10,000 and more – for complex, highly significant improvements of long-term relevance that protect against serious vulnerabilities in the code or infrastructure of open projects.
- $5000-$10,000 – for improvements of medium complexity that positively affect security.
- $1000-$5000 – for improvements of moderate complexity that improve security.
- $505 – for small improvements that enhance security.
Applications for rewards are accepted only for changes made to projects with a criticality level below 0.6 according to the OpenSSF Criticality Score rating, or to projects included in the list of projects requiring a special security check. The proposed changes should increase security in areas such as strengthening the protection of infrastructure elements (for example, continuous integration and release distribution processes), introducing systems for verifying digital signatures of software components, and improving the product's level (review, fuzz testing, protection against attacks through dependencies).