GitHub launches $1.25M open source fund with a focus on security

The open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the most critical projects via equity-free financing.

Today it’s GitHub’s turn, launching the GitHub Secure Open Source Fund with an initial commitment of $1.25 million in capital from contributors including American Express, 1Password, Shopify, Stripe, and GitHub’s own parent company Microsoft. Other donors include the Alfred P. Sloan Foundation, Chainguard, HeroDevs, Kraken, Mayfield Fund, Superbloom, Vercel, and Zerodha.

GitHub briefly teased the new initiative at its annual GitHub Universe developer conference last month, but today it announced full details and formally opened the program for applicants, which will be reviewed “on a rolling basis” through the closing date of January 7, 2025, with programming and funding starting shortly after.

For better or worse, GitHub has emerged as the de facto platform for open source software development, and is the chief reason why Microsoft doled out more than $7 billion for the platform back in 2018. But open source software isn’t always well-maintained, regardless of how pervasive it is in the global software stack — this can lead to issues around security, as we saw with the Log4Shell flaw that wreaked havoc on the software supply chain, spurring programs such as the Big Tech-driven $30 million pledge to bolster open source security in 2022.

Today’s news builds on a number of previous GitHub initiatives designed to support project maintainers who work on key components of critical software, including GitHub Sponsors, which landed in 2019 (and which is powering the new fund), and more directly the GitHub Accelerator program, which launched its first cohort last year — the GitHub Secure Open Source Fund is essentially an extension of that.

“We’re trying to acknowledge the fact that we’re the home of open source, ultimately, and we have an obligation to help ensure that open source can continue to thrive and have the support that it needs,” GitHub chief operating officer Kyle Daigle told TechCrunch in an interview.

Qualifying projects can be pretty much any project that has an open source license, but of course GitHub will be looking at those that need the funds most — so Kubernetes can hold fire with its application.

“We’re looking for the outsized impact, which tends to be big projects with few maintainers that we all rely on,” Daigle said.

The sum of $1.25 million might sound like a reasonable amount, but it will be split across 125 projects, which means just $10,000 each — better than nothing, for sure, but a drop in the ocean in the grand scheme of things. However, Daigle is quick to stress that money is only part of the prize here — maintainers embark on a three-week program which includes mentorship, certification, security education workshops, and ongoing access to GitHub tools such as Copilot.

“By focusing on security, we can help open source projects have direct funding, but the unique component here is the support from our security experts, the ability to talk and prepare for incident response,” Daigle added.
