According to a FAQ posted on the website of the SOS Rewards program, although it does appear similar to a standard bug bounty program, the SOS Rewards program has a broader perspective and isn’t looking to reward certain project vulnerabilities.
“SOS rewards an extremely wide array of improvements that proactively harden crucial open source projects and supporting infrastructure against software and supply chain attacks,” further explain members of the Google Open Source Security Team.
Securing the supply chain
The backing for the project comes soon after it emerged that there’s been a whopping 650% year-over-year increase in supply chain attacks targeted at upstream open source public repositories.
The report noted that open source software continues to play an integral part in much critical infrastructure, which also makes it a ripe target for software supply chain attacks.
A couple of weeks ago, Google revealed its financial backing for the Open Source Technology Improvement Fund (OSTIF), to sponsor in-depth security assessments of critical projects essential to the open source ecosystem, as part of OSTIF’s Managed Audit Program (MAP).
This $1 million commitment to the SOS initiative further expands Google’s commitment to helping secure open source software.
According to the program, rewards range from $505 to $10,000 or more depending on the scope and impact of the improvements on the larger community.
“We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback,” assures the Google Open Source Security Team.
Via ZDNet