SOS.dev initiative will combat software supply chain attacks by encouraging researchers to suggest security improvements to key projects.

A new program is aiming to reward developers and security researchers who make improvements to critical infrastructure based on open source technology.

The Secure Open Source Rewards (SOS.dev) scheme will be broader than current bug bounty programs, according to its backers.

The program will “harden critical open source projects” and help protect against application and software supply chain attacks by encouraging researchers and developers to suggest security improvements.

Rewards range from $505 for small improvements up to $10,000 or more for “complicated, high-impact and lasting improvements that almost certainly prevent major vulnerabilities”.