GitHub is launching a $1.25 million open source fund with a focus on security


The open source funding problem is very real, but a plethora of initiatives have emerged recently, with startups, corporations, and venture capitalists launching various programs to support some of the most important projects through equity-free financing.

Today it’s GitHub’s turn, with the launch of the GitHub Secure Open Source Fund, with an initial commitment of $1.25 million in capital from shareholders including American Express, 1Password, Shopify, Stripe and GitHub’s parent company Microsoft. Other donors include the Alfred P. Sloan Foundation, Chainguard, HeroDevs, Kraken, Mayfield Fund, Superbloom, Vercel, Zerodha, and others.

GitHub briefly teased the new initiative at its annual GitHub Universe developer conference last month, but today it announced full details and officially opened the program to applicants, who will be reviewed “on a rolling basis” until the closing date of January 7, 2025, with programming and funding starting shortly after.

For better or worse, GitHub has emerged as the de facto platform for open source software development, which is the main reason Microsoft committed more than $7 billion to the platform in 2018. But open source software isn’t always well maintained, no matter how widespread it is in the global software stack. This can lead to security issues, as we saw with the Log4Shell vulnerability that wreaked havoc on the software supply chain, spurring programs like a $30 million Big Tech-backed pledge to strengthen open source security in 2022.

Today’s news builds on a number of previous GitHub initiatives designed to support project maintainers working on key components of critical software, including GitHub Sponsors, which arrived in 2019 (and which is managing the new fund), but more directly GitHub Accelerator, which launched its first batch last year; the GitHub Secure Open Source Fund is an extension of this.

“We’re trying to acknowledge the fact that we’re the home of open source, after all, and we have an obligation to help ensure open source continues to thrive and get the support it needs,” GitHub COO Kyle Daigle told TechCrunch in an interview.

Eligible projects can be almost any project that has an open source license, but of course GitHub will look for those that are in desperate need of funding, so Kubernetes can drop its application.

“We’re looking for huge impact, which tends to be large projects with a few maintainers that we all rely on,” Daigle said.

$1.25 million may seem like a reasonable amount, but it will be split across 125 projects, which means only $10,000 per project. That is certainly better than nothing, but it’s just a drop in the ocean in the grand scheme of things. However, Daigle is quick to stress that money is only part of the prize here: maintainers embark on a three-week program that includes mentorship, certification, security education workshops, and ongoing access to GitHub tools like Copilot.

“By focusing on security, we can help open source projects get direct funding, but the unique element here is the support from our security experts, the ability to speak up and be prepared to respond to incidents,” Daigle added.
