GitHub has launched, with the support of several partners, the Secure Open Source Fund. This is a project focused on helping improve the security of open source initiatives, both through financial support and support at other levels.
Teams and entities that are developing one of these projects can apply to participate in it and receive both training and financial support until January 7, 2025. Each participating project will receive a maximum of $10,000, so the fund will help a maximum of 125 projects.
Apart from the financial contribution, the selected projects will participate in a three-week program that will provide the people in charge of maintaining and developing them with security training, mentoring, tools and certifications, as well as biannual reports on the status of their security. Six and twelve months after the end of the training programs, a follow-up will be carried out with the participants to check the status of the project.
Among the partners that will participate in the fund are the Alfred P. Sloan Foundation, American Express, Chainguard, HeroDevs, Kraken, the Mayfield Fund, Microsoft, 1Password, Shopify, Stripe, Superbloom and Vercel. GitHub has also highlighted that it continues to accept partners who want to join the fund.
Among the objectives of this initiative, in addition to improving security in projects so that it is scalable and continues its growth rate, is the development of a project maintenance community that takes security into account, in which the founders of said projects also participate.
Project maintainers will learn hands-on security principles and will get access to tools like GitHub Copilot or Copilot Autofix to improve their security posture and increase user trust. As for funding, it will go directly to them through GitHub Sponsors.
Anyone who currently maintains a project with an open source license and is located in one of the regions covered by GitHub Sponsors, which currently covers more than a hundred countries, can submit their application to enter the program.
The program's training, as we have mentioned, will last three weeks, with between 5 and 10 hours per week of private sessions, training, workshops, group sessions, project work and mentoring. Projects will also do work focused on covering specific security objectives agreed between the project, those responsible for the program and GitHub Security Lab.
Members of this security laboratory will also participate in sessions with members of the projects with the aim of helping them implement effective security policies, as well as showing them the best practices for planning and working in incident management.