The SOS program “financially rewards developers for enhancing the security of critical open source projects that we all depend on” and is run by the Linux Foundation with sponsorship from the Google Open Source Security Team.
According to the SOS website, the program “rewards a very broad range of improvements that proactively harden critical open source projects and supporting infrastructure against application and supply chain attacks.”
Projects will be selected based on criteria including:
- The overall impact of the project, such as the number and type of users, impact on infrastructure, and implications of potential compromise.
- The project’s rankings in existing open source criticality research, such as the Core Infrastructure Initiative Census II Report and the OpenSSF Criticality Score project.
Review the program FAQ to learn how to participate. Note that only work completed after October 1, 2021, will qualify for SOS rewards.