Powered by GitHub Sponsors
Enhanced open source security
Investing in security for fast-growing dependencies that support larger projects can mitigate risks and enhance OSS security, especially in the age of AI. Providing funding directly to maintainers enables them to focus on security while giving them expert guidance and emergency support.
Agile, Effective Funding Model
Linking OSS funding directly to security outcomes is essential for aligning incentives. This agile approach not only strengthens the security of your critical projects but also ensures ongoing support for the open source community.
Scaled Ecosystem Impact
Join us in securing open source software for everyone around the world. By participating, you help scale open source security initiatives and provide vital resources and community support to under-resourced projects, effectively reducing risk for all.
Hear from our partners
“The technology program at the Alfred P. Sloan Foundation aligns open source practices with scientific research, helping ensure that open source technology improves security for everyone in the ecosystem.”
“We're excited that the GitHub SOSS Fund will leverage OpenSSF community insights to support critical projects and developers with training, tools, and a network to strengthen software security.”
“The security of open source software has long been a priority for American Express. We are proud to back this important program that aims to improve security in a scalable way and help support open source maintainers to implement secure software.”
“We see this program as an exciting win-win: getting money directly into the hands of FOSS developers, while enabling critical security improvements that benefit everyone.”
Frequently asked questions
Why are we launching this program?
We ran an experiment in the GitHub Accelerator to determine whether providing time, resources, expertise, and engagement could enhance security awareness and adoption. The program included modular courses, expert speakers from leading tech companies and CISA, and collaboration with the GitHub Security Lab, resulting in an increase in the adoption of security best practices and features. Building on this success, we are launching a new security-focused programmatic open source fund to advance this work.
Who can apply?
Anyone who is a current maintainer of an open source project. You can also apply as a team for a given open source project (max of 3 people).
You must also:
How can I apply?
You can submit an application here.
What do I get if my project is selected?
What happens after I apply? What are the next steps? When should we hear back?
Applications are open on a rolling basis and will be considered for all Program Sessions in 2025. Selected participants will have a virtual interview to determine next steps.
What’s the funding amount?
It is $10,000 per project.
All funding goes directly to the maintainers who are invited into the program. The funding is broken into tranches aligned to program schedules: $6,000 during the program, $2,000 at the 6-month check-in, and $2,000 at the 12-month check-in.
What does the program entail?
The program is a 3-Week Security Education Program where GitHub provides operational resources and support for the funders. The projects invited into the program will receive programmatic security education and engagement with security experts. Projects will also gain benefits from the security-focused maintainer community and promotion of projects and maintainers. Projects will also receive bi-annual security health check-ins, incident response support, and an emergency escalation path.
What do I have to do if I’m selected?
Selected participants must be able to commit 15 hours over a 3-week period, including weekly instruction, workshops, and focused work toward project-specific security milestones. Meetings are scheduled in Pacific Standard Time. Participants must also be available to commit 2.5 hours at both the 6-month and 12-month check-ins, totaling 20 hours for the program overall.
What projects are the best fit for this?
This program is suited for individual maintainers or small teams of open source projects. Teams that can benefit from education and community to tackle security in a scaled manner are welcome to apply.
How are projects identified and selected?
Founding funding members will be able to take part in referring projects to the program. GitHub will also invite other projects and maintainers of important, fast-growing projects to apply to the program.
What benefits do funders receive from participating in the program?
Funders are able to refer projects into the program. After the project is admitted, the funder is able to benefit from the improved security education and outcomes from the maintainer and project. This includes added insights on project security status, and updates on consistent reporting aligned to the project check-ins.
How are projects selected?
Projects will be evaluated on the ability of the program and funding to impact security.
How can my organization contribute to the fund?
The minimum contribution is to fund one (1) project for $10,000. Please fill out this contact us form.
What are the benefits when an organization funds?
What role do Ecosystem Partners play in the GitHub Secure Open Source Fund?
Ecosystem Partners bring vital expertise from their work in open source security and sustainability, helping shape the program’s direction. They contribute to program design, curriculum, and success metrics, connecting us with their networks to identify where support is most needed. Through regular check-ins, these partners share insights, provide feedback, and guide security improvements across the ecosystem.
How can I sign up for updates or help?