GitHub has launched a new investment program worth 1.25 million dollars (1.85 million euros). This program should help developers improve the security and sustainability of their open-source projects.
According to GitHub, the now-established GitHub Secure Open Source Fund should improve the security of open-source projects at scale. It does so by building a community of developers willing to commit to this goal, together with financial supporters. Both groups share the same goals, i.e. more secure and sustainable open-source projects.
Both groups can also benefit later from reduced security risks, clarity and insight into the (security) status of projects, and clear reporting on this.
GitHub says the new investment fund should primarily ensure that open-source developers feel more confident about their projects’ security status. After all, no open-source developer wants his or her project to be the source of possible serious bugs at a later stage.
125 projects stand a chance
GitHub plans to support 125 projects with the program, each receiving $10,000 in funding. Selected projects will receive security training, interaction with experts, community support, promotional activities, and biannual reports on their security status.
Among many other opportunities and benefits, they will also receive training in GitHub Copilot and Copilot Autofix to improve their security and thus gain more trust from their end users.
Participation and applications
Any developer who has an open-source project with a valid open-source license and is based in one of the regions supported by GitHub Sponsors can participate in the program. All final funding will happen through these sponsors.
Developer projects for the investment program will be reviewed in the order they are received. The application period is now open and closes on Jan. 7, 2025.
The GitHub Secure Open Source Fund is supported by many financial partners, including the Alfred P. Sloan Foundation, American Express, Chainguard, HeroDevs, Kraken, Mayfield Fund, Microsoft, 1Password, Shopify, Stripe, Superbloom, Vercel, and Zerodha. New partners are, of course, welcome.