GitHub Secure Open Source Fund: Project maintainers, apply now!
GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software.
The program is funded by companies (AmEx Chainguard, Microsoft, 1Password, Shopify, Stripe, etc.), venture funds (e.g., Mayfield Fund) and nonprofits (e.g., the Alfred P. Sloan Foundation).
About the program
Applicants that get chosen will receive, among other things:
- $10,000 per project (delivered via GitHub Sponsors)
- Security education, whether via 1-on-1 instruction, workshops, or group sessions
- Dedicated time with the GitHub Security Lab team, which will help them implement effective security policies and best practices for incident management planning and support
- Education on policy (e.g., Secure by Design, EU Cyber Resilience Act)
- Free access and training for tools like GitHub Copilot, Copilot Autofix, and secret scanning
- $10,000 in Azure (cloud) credits
- Access to and Q&As with GitHub Sponsors funders, community members, and GitHub leaders
- A certification for having completed the program, and bi-annual security health reviews
“Anyone who is a current maintainer of an open source project with a valid open source license and located in one of the regions supported by GitHub Sponsors can apply,” says Martin Woodward, VP of Developer Relations at GitHub.
“This program is suited for individual maintainers or small teams of open source projects. Teams that can benefit from education and community to tackle security in a scaled manner are welcome to apply,” GitHub notes.
“Selected participants must be able to commit 5-10 hours during the 3 week program of weekly instruction, workshops, and homework or focused work towards project-specific security milestones agreed between the project, the program managers, and GitHub Security Lab experts.”
Applications for the program are open until January 7 at 11:59 PM PT, and programming and funding will start in early 2025. The first cohort of participants will include 125 maintainers / projects.