🚀 We are excited to announce the new GitHub Secure Open Source Fund. The new fund is a dedicated initiative aimed at supporting and enhancing the security of open source software, backed with +$1.25MM in funding from partners. 🔐 With this program we are striving to help maintainers improve open source security by funding the hard-working people that maintain the open source software that the world depends on today. This brings together vital funding, expert guidance, and community support, and seeks to add a sustainable way to help improve the overall resilience of open source projects and ecosystems. ✨ We are proud to have the support of Alfred P. Sloan Foundation, American Express, Chainguard, GitHub, HeroDevs, Kraken, Mayfield Fund, Microsoft, 1Password, Shopify, Stripe, Superbloom, Vercel, Zerodha, and others. Open source security is crucial and we are committed to creating a safer ecosystem for everyone. Beyond today’s launch for project maintainers, we will continue to accept partners who want to join us in helping secure open source sustainably. https://lnkd.in/e8ygpXzZ #GitHub #GitHubSecure #SupplyChainSecurity #CyberSecurity #opensource
Awww yeah! Thrilled to see this! Keep on rocking it! #oss #developers #integrity
Director of Strategy at FileZilla
That’s a great step forward, Martin, though it’s worth noting that $1.25MM for 125 projects averages out to about $10K per project, which might not even cover the cost of a penetration test or a bug bounty program fee. Don’t get me wrong—it’s encouraging to see the software industry acknowledging that relying on the famous random person in Nebraska isn’t sustainable. However, it’s important for everyone in the industry to recognize that upcoming regulations—such as the CRA in Europe (putting on my European hat) and similar legislation in the US and elsewhere—will require a more substantial and continuous effort to effectively address security concerns.