
GitHub Launches Fund to Improve Open Source Project Security

GitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects.


Code-hosting platform GitHub on Tuesday announced a new effort to improve the security and sustainability of open source projects through financial help, education, certification, and more.

The Microsoft-owned platform is now accepting applications for the GitHub Secure Open Source Fund, which launches with $1.25 million to be invested in 125 projects, and will leave applications open until January 7, 2025.

The purpose of the fund, GitHub says, is to build a security-minded community of maintainers and funders that have shared objectives, and which will lead to the improved security of the open source ecosystem.

“We’re taking an ecosystem approach because we believe a dependency graph is more than just connected software. It is the underlying people that underpin the success and sustainability of open source,” GitHub notes.

As part of the program, project maintainers will receive financial support, security education, certification, mentorship, tooling, promotion, and bi-annual security health reports.

Maintainers will receive $10,000 per project in funding, paid directly via GitHub Sponsors, along with a 5-10 hour per week commitment (including workshops, group sessions, mentorship, and project work), dedicated time with the GitHub Security Lab team, access to security experts, and engagement with the community.

Additionally, GitHub will offer free access to and training for relevant products, such as Copilot, Copilot Autofix, and Secret Scanning, access to the new GitHub Secure Open Source community, and opportunities for networking and support.

“Nobody wants their open source project to be the source of security issues to people who use it, but keeping up to date with everything, dealing with security reports and issuing fixes all takes time. And that is often the hardest thing to find when you are already maintaining the project in your spare time,” the platform notes.


The GitHub Secure Open Source Fund launches with support from over a dozen organizations, but GitHub says it will continue to accept partners interested in funding open source security.

“We all stand to benefit from unlocking more funding for open source. By tackling problems like open source security as an ecosystem, we believe we can help create more available funding and resources that are vital to the sustainability of open source,” GitHub says.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
