Cyber Security

Google Pledges $1 Million to Secure Open Source Program

Google last week pledged $1 million in financial support to the Secure Open Source (SOS) rewards program run by the Linux Foundation.

The pilot program financially rewards developers who help improve the security of critical open source projects and is meant to complement existing vulnerability management programs.

Committed to boosting the security of the open source ecosystem, the Internet search giant recently pledged $100 million in support for initiatives that aim to fix vulnerabilities in open source projects. A few weeks ago, Google announced support for OSTIF (Open Source Technology Improvement Fund).

The SOS pilot program has a broader scope than vulnerability reward programs, as it arrives in support of developers, offering rewards for various improvements aimed at hardening critical open source projects.

Submitted projects will be considered critical after an evaluation based on guidelines from the National Institute of Standards and Technology following the recent Executive Order on Cybersecurity, Google explains.

Other criteria taken into account include the impact of the project (in terms of affected users, impact on infrastructure and user security, and the consequences of the project's compromise), and the project's rankings in existing open source criticality research (such as the Harvard 2 Census Study of most-used packages and the OpenSSF Criticality Score project).

Initially, rewards will be awarded for software supply chain security improvements such as the hardening of CI/CD pipelines and distribution infrastructure, adoption of software artifact signing and verification, improvements that lead to higher OpenSSF Scorecard results, addressing the identified issues and using OpenSSF Allstar, and CII Best Practices Badges.

SOS rewards will only be awarded for work completed after October 1, 2021. On a case-by-case basis, upfront funding may also be awarded, "for impactful improvements of moderate to high complexity over a longer time span," Google says.

As part of the pilot program, developers may receive $10,000 or more for sophisticated, high-impact improvements that prevent major vulnerabilities; between $5,000 and $10,000 for moderately complex improvements; between $1,000 and $5,000 for modest complexity submissions; or $505 for small improvements.

Related: Cisco, Sonatype and Others Join Open Source Security Foundation

Related: Tool Helps Developers Visualize Dependencies of Open Source Projects


Ionut Arghire is an international correspondent for SecurityWeek.


Ukrainian police arrest hacker who caused $150 million damage to global companies

A computer keyboard lit by a displayed cyber code is seen in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel

KYIV, Oct 4 (Reuters) – Ukrainian police said on Monday that they had arrested a 25-year-old man who hacked more than 100 foreign companies and caused damage worth more than $150 million.

The hacker, who was not identified, used phishing attacks and hijacked software that allows computers to be accessed remotely, a police statement said. The victims included "world-famous energy and tourism companies", it added.

The hacker was caught with the help of law enforcement officers from the United States, France, Europol and Interpol.

Police carried out searches at the homes of the defendant and his relatives.

"As a result, computer equipment, mobile phones, vehicles and more than 360 thousand dollars in cash were seized. In addition, $1.3 million was blocked in the attacker's cryptocurrencies," the police said.

Reporting by Natalia Zinets; writing by Matthias Williams, editing by Ed Osmond
