GitHub Secure OSS Fund

Up-level open source security and scale impact.

Enhanced open source security

Investing in security for fast-growing dependencies that support larger projects can mitigate risks and enhance OSS security, especially in the age of AI. Providing funding directly to maintainers enables them to focus on security while giving them expert guidance and emergency support.

Agile, Effective Funding Model

Linking OSS funding directly to security outcomes is essential for aligning incentives. This agile approach not only strengthens the security of your critical projects but also ensures ongoing support for the open source community.

Scaled Ecosystem Impact

Join us in securing open source software for everyone around the world. By participating, you help scale open source security initiatives and provide vital resources and community support to under-resourced projects, effectively reducing risk for all.

Let's invest in open source security together

If you’re investing or building in open source, we look forward to hearing from you.

Let's invest in improving open source security for everyone

Interested in funding open source security? We look forward to hearing from you.

Contact us

Frequently asked questions

Why are we launching this program?

We ran an experiment in the GitHub Accelerator to determine whether providing time, resources, expertise, and engagement could enhance security awareness and adoption. The program included modular courses, expert speakers from leading tech companies and CISA, and collaboration with the GitHub Security Lab, resulting in a 78% increase in the adoption of security best practices and features. Building on this success, we are launching a new security-focused programmatic open source fund to advance this work.

What’s the investment?

It is $10K per project that you want to sponsor into the program. All funding goes directly to the maintainers that are invited into the program. The funding is broken into tranches aligned to program schedules: $6K for at program kick-off, $2K at 6 month check-in, and $2K at 12 month check-in. The first cohort will kick off in Q1 CY 2025, and the funding will commence from that schedule. We have had partners commit supporting up to 50 projects through the program. 

What does the program entail?

The program is a 3 Week Security Education Program where GitHub provides operational resources and support for the funders. The projects invited into the program will receive programmatic security education, engagement with security experts. Projects will also gain benefits from the security focused maintainer community and promotion of projects and maintainers. Projects will also receive bi-annual security health check ins, and incident response support and emergency escalation path. 

What projects are best fit for this?

This program is suited for individual maintainers or small teams of fast growing or important dependencies. Smaller project teams handle critical tasks, need security support, and many are under-resourced. These projects also indicate the need of education and community to tackle security in a scaled manner. 

How are projects identified and selected?

Founding funding members will be able to take part in referring projects to the program. GitHub will also invite other projects and maintainers of important, fast growing projects to apply to the program.

What benefits do funders receive from participating in the program?

Funders are able to refer projects into the program. After the project is admitted, the funder is able to benefit in the improved security education and outcomes from the maintainer and project. This includes added insights on project security status, and updates on consistent reporting aligned to the project check-ins.

When does the program application launch?

November 19, 2024

How are projects selected?

More detailed information will be provided at program launch.

What is the current timeline for the program?

The program kick-off will be in early 2025. 

Support the developers who power open source

GitHub Sponsors allows the developer community to financially support the open source projects they depend on, directly on GitHub.

Check out GitHub Sponsors

Funding the next generation of open source software

GitHub Fund is partnering with M12 to help open source companies grow. We are thrilled to partner with and invest in the next generation of open source entrepreneurs.

Read more about GitHub Fund

The largest open source community in the world

Open source software is free for you to use and explore. Get involved to perfect your craft and be part of something big.

Join one or start your own