Blue and green cube and semisphere with a purple helmet icon

GitHub Secure Open Source Fund

Powered by GitHub Sponsors

Enhanced open source security

Investing in security for fast-growing dependencies that support larger projects can mitigate risks and enhance OSS security, especially in the age of AI. Providing funding directly to maintainers enables them to focus on security while giving them expert guidance and emergency support.

Agile, Effective Funding Model

Linking OSS funding directly to security outcomes is essential for aligning incentives. This agile approach not only strengthens the security of your critical projects but also ensures ongoing support for the open source community.

Scaled Ecosystem Impact

Join us in securing open source software for everyone around the world. By participating, you help scale open source security initiatives and provide vital resources and community support to under-resourced projects, effectively reducing risk for all.

New Funding Unlocked

Learn how improving open source security landed an enterprise contract and unlocked new project funding.

Funding Launch Partners

Company logos

Hear from our partners

The technology program at the Alfred P. Sloan Foundation aligns open source practices with scientific research, helping ensure that open source technology improves security for everyone in the ecosystem.
Sloan Foundation logo
Josh GreenbergSloan Foundation
We're excited that the GitHub SOSS Fund will leverage OpenSSF community insights to support critical projects and developers with training, tools, and a network to strengthen software security.
openssf logo bw
Christopher RobinsonChief Architect of OpenSSF at Linux Foundation
The security of open source software has long been a priority for American Express. We are proud to back this important program that aims to improve security in a scalable way and help support open source maintainers to implement secure software.
American Express logo
Hilary PackerAmerican Express - Chief Technology Officer
We see this program as an exciting win-win: getting money directly into the hands of FOSS developers, while enabling critical security improvements that benefit everyone.
Zerodha logo
Dr. Kailash NadhZerodha - Chief Technology Officer

Ecosystem Partners

Thank you to our Ecosystem Partners who are helping improve open source security. We are encouraged by the work of these organizations and communities shaping the ecosystem, providing valuable input, feedback, and ideas as we have brought this to life.

Logos for OpenJS Sovereign Tech Agency Sustain OSS Mozilla Foundation OpenSSF Open Source Collective Ecosyste.ms OTF OSI CURIOSS LISH UCSC Open Forum Europe

Let's improve open source security for everyone

Interested in improving open source security? We look forward to hearing from you

Apply nowInvest with us

Frequently asked questions

Why are we launching this program?

We ran an experiment in the GitHub Accelerator to determine whether providing time, resources, expertise, and engagement could enhance security awareness and adoption. The program included modular courses, expert speakers from leading tech companies and CISA, and collaboration with the GitHub Security Lab, resulting in an increase in the adoption of security best practices and features. Building on this success, we are launching a new security-focused programmatic open source fund to advance this work.

Who can apply?

Anyone who is a current maintainer of an open source project. You can also apply as a team for a given open source project (max of 3 people). 

You must also:

  • Be age eighteen (18) or older

  • Have an active online profile on GitHub

  • Be located in one of the regions supported by GitHub Sponsors

  • Not be a current employee of GitHub and/or any of its parent/subsidiary companies

  • Clear open source license

  • Open source first project with demonstrated community traction and adoption

  • Clear governance structure prior to kick-off

  • Interest and willingness to to engage and improve security

  • Commitment from core leaders to participate in and engage in the required programming

  • Agree to Code of Conduct and Privacy Statement

How can I apply?

You can submit an application here

What do I get if my project is selected?

  • Funding: $10,000  per project in funding aligned with the program outcomes

  • Education: 3 week program: 5-10 hours of instruction, workshops and project-specific security milestones

  • GitHub Security Lab: Office Hours with the GitHub Security Lab team to establish effective security policies

  • Engagement: Q&As with GitHub Sponsors funders, community members, and GitHub leaders.

  • Expertise: Access to security experts, Q&As with GitHub Sponsors funders, community members, and GitHub leaders.

  • Tools: Free access and training for relevant GitHub products, including tools like GitHub Copilot and AutoFix

  • Cloud Credits: $10,000 in Azure credits. Eligible projects have potential to receive up to $150,000 in free Azure infrastructure credits from Microsoft for Startups.

  • Community: Access to the new GitHub Secure OSS security community 

  • Certification & Health Reports: Program Certification and bi-annual security health reviews

  • Incident Management: Planning and support guidance.

What happens after I apply? What are the next steps? When should we hear back?

We will evaluate applications on a rolling basis until they close January 7. Selected participants will have a virtual interview to determine next steps. If you do not hear back from us by Feb 15, 2024 you were not selected to participate.

What’s the funding amount?

It is $10,000 per project.

All funding goes directly to the maintainers that are invited into the program. The funding is broken into tranches aligned to program schedules: $6,000 during program, $2,000 at 6 month check-in, and $2,000 at 12 month check-in.

What does the program entail?

The program is a 3 Week Security Education Program where GitHub provides operational resources and support for the funders. The projects invited into the program will receive programmatic security education, engagement with security experts. Projects will also gain benefits from the security focused maintainer community and promotion of projects and maintainers. Projects will also receive bi-annual security health check ins, and incident response support and emergency escalation path. 

What do I have to do if I’m selected?

Selected participants must be able to commit 5-10 hours during the 3 week program of weekly instruction, workshops, and homework or focused work towards project-specific security milestones agreed between the project, the program managers, and GitHub Security Lab experts. All meetings will be hosted in Pacific Standard Time.

What projects are best fit for this?

This program is suited for individual maintainers or small teams of open source projects. Teams that can benefit from education and community to tackle security in a scaled manner are welcome to apply. 

How are projects identified and selected?

Founding funding members will be able to take part in referring projects to the program. GitHub will also invite other projects and maintainers of important, fast growing projects to apply to the program.

What benefits do funders receive from participating in the program?

Funders are able to refer projects into the program. After the project is admitted, the funder is able to benefit in the improved security education and outcomes from the maintainer and project. This includes added insights on project security status, and updates on consistent reporting aligned to the project check-ins.

When does the program application launch?

November 19, 2024

How are projects selected?

Projects will be evaluated upon the program and funding ability to impact security. 

What is the current timeline for the program?

The program kick-off will be in early 2025. 

How can my organization contribute to the fund?

The minimum contribution is to fund one (1) project for $10,000. Please fill out this contact us form

The first cohort will kick off in Q1 CY 2025, and the funding will commence from that schedule.

What are the benefits when an organization funds?

  • Reduced Security Risk: Improved security outcomes

  • Awareness: Recognition for funding and securing open source

  • Insights: Insights on project security status

  • Consistent Reporting: Bi-Annual security reports

What role do Ecosystem Partners play in the GitHub Secure Open Source Fund?

Ecosystem Partners bring vital expertise from their work in open source security and sustainability, helping shape the program’s direction. They contribute to program design, curriculum, and success metrics, connecting us with their networks to identify where support is most needed. Through regular check-ins, these partners share insights, provide feedback, and guide security improvements across the ecosystem.

How can I sign up for updates or help?

Awesome! Sign up here for updates.

Support the developers who power open source

GitHub Sponsors allows the developer community to financially support the open source projects they depend on, directly on GitHub.

Check out GitHub Sponsors

Funding the next generation of open source software

GitHub Fund is partnering with M12 to help open source companies grow. We are thrilled to partner with and invest in the next generation of open source entrepreneurs.

Read more about GitHub Fund

The largest open source community in the world

Open source software is free for you to use and explore. Get involved to perfect your craft and be part of something big.

Join one or start your own