GitHub Announces Open Source Security Fund
Written by Kay Ewbank
Tuesday, 03 December 2024
A new security-focused program, the GitHub Secure Open Source Fund, will invest $1.25M across 125 open source projects. The program is backed by organizations including American Express, Chainguard, 1Password and Zerodha.

GitHub says the program is designed to financially and programmatically improve security and sustainability of open source projects. In addition to funding, selected projects will receive three weeks of security education, mentorship, free tooling and certification. GitHub says maintainers will get tools like GitHub Copilot and Copilot Autofix to help "improve security posture, reduce security debt, and improve confidence of downstream users". This element will include access and training for Copilot, Copilot Autofix, and secret scanning.

All the funding will go directly to maintainers via GitHub Sponsors, and anyone who is a current maintainer of an open source project with a valid open source license and located in one of the regions supported by GitHub Sponsors can apply.

The funding means participants will receive $10,000 per project. They will also have the educational element, consisting of three weeks with a 5-10 hour commitment each week and a mix of 1-to-1, instruction, workshops, group sessions, project work, and mentorship. Projects will also have focused work towards project-specific security milestones agreed between the project, the program managers, and GitHub Security Lab.

Alongside the educational time, participants will get dedicated time with the GitHub Security Lab team to establish effective security policies and best practices for incident management planning and support. They will also be able to take part in Q&As with GitHub Sponsors funders, community members, and GitHub leaders, and have access to security experts from the GitHub Security Lab.
The participants will also get alumni support and networking, access to a new GitHub Secure Open Source community, and help with preparing projects to meet the requirements of policies like Secure by Design and the EU Cyber Resilience Act. Projects will also receive program certification and bi-annual security health reviews.

Applications are currently open for projects that would like funding, and will continue on a rolling basis until January 7 2025.
Last Updated (Tuesday, 03 December 2024)