Funding Available for Security Improvements to Sandstorm

[Jake W]

The Linux Foundation has just announced the "Secure Open Source Rewards" program, sponsored by Google's OpenSSF thing, which I believe we've discussed here before.

https://sos.dev/

One of the key potential criteria is the criticality score determined by the OpenSSF Critically Score project. They say a project with a score over 0.6 is in scope, and Sandstorm is over 0.64. Qualifying improvements are pretty wide-ranging, but shoring up how we come off on the OpenSSF Scorecard might be a good first step.

It sounds like in most cases they are looking for improvements to be made and submitted (starting today), and then the form submitted requesting rewards, unless it's for a large-scale project which needs advance funds to accomplish.