Enhanced open source security
Investing in security for fast-growing dependencies that support larger projects can mitigate risks and enhance OSS security, especially in the age of AI. Providing funding directly to maintainers enables them to focus on security while giving them expert guidance and emergency support.
Agile, Effective Funding Model
Linking OSS funding directly to security outcomes is essential for aligning incentives. This agile approach not only strengthens the security of your critical projects but also ensures ongoing support for the open source community.
Scaled Ecosystem Impact
Join us in securing open source software for everyone around the world. By participating, you help scale open source security initiatives and provide vital resources and community support to under-resourced projects, effectively reducing risk for all.
Funding Launch Partners
Hear from our partners
Ecosystem Partners
Thank you to our Ecosystem Partners who are helping improve open source security. We are encouraged by the work of these organizations and communities shaping the ecosystem, providing valuable input, feedback, and ideas as we have brought this to life.
FAQ
Why are we launching this program?
We ran an experiment in the GitHub Accelerator to determine whether providing time, resources, expertise, and engagement could enhance security awareness and adoption. The program included modular courses, expert speakers from leading tech companies and CISA, and collaboration with the GitHub Security Lab, resulting in an increase in the adoption of security best practices and features. Building on this success, we are launching a new security-focused programmatic open source fund to advance this work.
Who can apply?
Anyone who is a current maintainer of an open source project. You can also apply as a team for a given open source project (max of 3 people).
You must also:
Be age eighteen (18) or older
Have an active online profile on GitHub
Be located in one of the regions supported by GitHub Sponsors
Not be a current employee of GitHub and/or any of its parent/subsidiary companies
Clear open source license
Open source first project with demonstrated community traction and adoption
Clear governance structure prior to kick-off
Interest and willingness to to engage and improve security
Commitment from core leaders to participate in and engage in the required programming
Agree to Code of Conduct and Privacy Statement
How can I apply?
You can submit an application here.
What do I get if my project is selected?
Funding: $10,000 per project in funding aligned with the program outcomes
Education: 3 week program: 5-10 hours of instruction, workshops and project-specific security milestones
GitHub Security Lab: Office Hours with the GitHub Security Lab team to establish effective security policies
Engagement: Q&As with GitHub Sponsors funders, community members, and GitHub leaders.
Expertise: Access to security experts, Q&As with GitHub Sponsors funders, community members, and GitHub leaders.
Tools: Free access and training for relevant GitHub products, including tools like GitHub Copilot and AutoFix
Cloud Credits: $10,000 in Azure credits. Eligible projects have potential to receive up to $150,000 in free Azure infrastructure credits from Microsoft for Startups.
Community: Access to the new GitHub Secure OSS security community
Certification & Health Reports: Program Certification and bi-annual security health reviews
Incident Management: Planning and support guidance.
What happens after I apply? What are the next steps? When should we hear back?
We will evaluate applications on a rolling basis until they close January 7. Selected participants will have a virtual interview to determine next steps. If you do not hear back from us by Feb 15, 2024 you were not selected to participate.
What’s the funding amount?
It is $10,000 per project.
All funding goes directly to the maintainers that are invited into the program. The funding is broken into tranches aligned to program schedules: $6,000 during program, $2,000 at 6 month check-in, and $2,000 at 12 month check-in.
What does the program entail?
The program is a 3 Week Security Education Program where GitHub provides operational resources and support for the funders. The projects invited into the program will receive programmatic security education, engagement with security experts. Projects will also gain benefits from the security focused maintainer community and promotion of projects and maintainers. Projects will also receive bi-annual security health check ins, and incident response support and emergency escalation path.
What do I have to do if I’m selected?
Selected participants must be able to commit 5-10 hours during the 3 week program of weekly instruction, workshops, and homework or focused work towards project-specific security milestones agreed between the project, the program managers, and GitHub Security Lab experts. All meetings will be hosted in Pacific Standard Time.
What projects are best fit for this?
This program is suited for individual maintainers or small teams of open source projects. Teams that can benefit from education and community to tackle security in a scaled manner are welcome to apply.
How are projects identified and selected?
Founding funding members will be able to take part in referring projects to the program. GitHub will also invite other projects and maintainers of important, fast growing projects to apply to the program.
What benefits do funders receive from participating in the program?
Funders are able to refer projects into the program. After the project is admitted, the funder is able to benefit in the improved security education and outcomes from the maintainer and project. This includes added insights on project security status, and updates on consistent reporting aligned to the project check-ins.
When does the program application launch?
November 19, 2024
How are projects selected?
Projects will be evaluated upon the program and funding ability to impact security.
What is the current timeline for the program?
The program kick-off will be in early 2025.
How can my organization contribute to the fund?
The minimum contribution is to fund one (1) project for $10,000. Please fill out this contact us form.
The first cohort will kick off in Q1 CY 2025, and the funding will commence from that schedule.
What are the benefits when an organization funds?
Reduced Security Risk: Improved security outcomes
Awareness: Recognition for funding and securing open source
Insights: Insights on project security status
Consistent Reporting: Bi-Annual security reports
What role do Ecosystem Partners play in the GitHub Secure Open Source Fund?
Ecosystem Partners bring vital expertise from their work in open source security and sustainability, helping shape the program’s direction. They contribute to program design, curriculum, and success metrics, connecting us with their networks to identify where support is most needed. Through regular check-ins, these partners share insights, provide feedback, and guide security improvements across the ecosystem.
How can I sign up for updates or help?
Awesome! Sign up here for updates.
オープン ソースを支える開発者をサポート
GitHub Sponsors では、開発者コミュニティが GitHub 上で直接、頼りにしているオープン ソース プロジェクトの財政的支援を行えます。
次世代オープン ソース ソフトウェアへの投資
GitHub Fund は M12 と提携し、オープン ソースの企業の支援を行っています。次世代のオープン ソース アントレプレナーと連携し、投資できることを嬉しく思っています。