GitHub Launches $1.25M Security Fund to Bolster Open Source Projects


GitHub, the leading code-hosting platform, has unveiled a groundbreaking $1.25 million funding initiative called the GitHub Secure Open Source Fund, designed to enhance security across the open-source ecosystem.

The program will support 125 open-source projects, with each selected project receiving $10,000 in funding. Project teams of up to three participants will also benefit from a comprehensive three-week certification program featuring weekly instruction, personalized support, workshops, and access to advanced tools like GitHub Copilot and Autofix.

This initiative addresses a critical gap in open-source security funding. While approximately $7.7 billion is invested annually in open source, research shows that 94% of security efforts focus solely on bug fixes and maintenance, leaving broader security concerns underfunded.

Through discussions with developers, GitHub identified that additional funding would enable teams to dedicate more time to security improvements and provide learning opportunities. The program aims to create a more resilient open-source ecosystem by tackling security challenges collectively.

Major technology companies including Microsoft, American Express, Shopify, and Stripe have backed the fund, with GitHub welcoming additional partners to join the initiative.

The program represents GitHub's continued commitment to strengthening open-source security, following its 2022 introduction of code signing for npm packages using Sigstore, a response to supply chain attacks on the platform.

Open-source developers interested in participating can submit applications through January 7th, with reviews conducted on a rolling basis. This cohort-based program marks a new chapter in collaborative efforts to protect and sustain the open-source community that powers much of today's digital infrastructure.

The initiative builds on GitHub's role as a platform where developers collaborate on open-source code, allowing community contributions while maintaining project owners' control over changes.