Secure Open Source Reward Submission
Secure Open Source is a program that rewards security improvements for critical open source projects. Reward amounts vary based on the complexity and the impact. The final amount is chosen at the discretion of the reward panel.
Contact us at
if you have any questions.
Sign in to Google
to save your progress.
Are you representing yourself or a vendor/organization?
Artifact signing and verification (e.g. using Sigstore)
AllStar install and remediation
Link to source code
Is this submission for work you have already completed or a request for funds to make security improvements?
The work has already been completed
I need funds to complete the work (Limited to high complexity work ONLY)
This rewards program is limited to critical open source projects. What makes an open source project critical? It should be a popular and widely used project that has a critical impact on infrastructure and user security. Projects that come to mind are popular web frameworks or libraries, decompression libraries, crypto libraries, mail servers, databases, network services, and security or toolchain dependencies of any critical projects themselves. In the response below, please explain in as many words as you feel are needed why this project is critical.
Please select the option below that best describes the complexity of the work involved.
Minor effort or complexity
Modest effort or complexity
Moderate effort or complexity
High effort or complexity
Please select the option below that best describes the security impact of this work.
A small improvement that nevertheless has merit from a security standpoint
Modest impact, tangible security benefits
Moderate impact, compelling security benefits
High impact, lasting improvements
Tell us more about the work
Please tell us what the improvement is and explain how it works, its complexity, and the security impact (including links to CLs). If the improvement required a lot of effort to complete, tell us why in detail. Include any information that may convince us that the improvement has a demonstrable, significant, and proactive impact on security. If this submission is similar to a previous submission, please let us know and tell us how this one is different.
A copy of your responses will be emailed to the address you provided.
Never submit passwords through Google Forms.
This form was created inside of Google.com.
Privacy & Terms