GitHub launches $1.25M open source fund with a focus on security

The open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the most critical projects via equity-free financing.

Today it’s GitHub’s turn, launching the GitHub Secure Open Source Fund with an initial commitment of $1.25 million in capital from contributors including American Express, 1Password, Shopify, Stripe, and GitHub’s own parent company Microsoft. Other donors include the Alfred P. Sloan Foundation, Chainguard, HeroDevs, Kraken, Mayfield Fund, Superbloom, Vercel, and Zerodha, among others.

GitHub briefly teased the new initiative at its annual GitHub Universe developer conference last month, but today it announced full details and formally opened the program for applicants, which will be reviewed “on a rolling basis” through the closing date of January 7, 2025, with programming and funding starting shortly after.

For better or worse, GitHub has emerged as the de facto platform for open source software development, which is the chief reason why Microsoft doled out more than $7 billion for the platform back in 2018. But open source software isn’t always well-maintained, regardless of how pervasive it is in the global software stack — this can lead to issues around security, as we saw with the Log4Shell flaw that wreaked havoc on the software supply chain, spurring programs such as the Big Tech-driven $30 million pledge to bolster open source security in 2022.

Today’s news builds on a number of previous GitHub initiatives designed to support project maintainers that work on key components of critical software, including GitHub Sponsors which landed in 2019 (and which is powering the new fund), but more directly the GitHub Accelerator program that launched its first cohort last year — the GitHub Secure Open Source Fund is essentially an extension of that.

“We’re trying to acknowledge the fact that we’re the home of open source, ultimately, and we have an obligation to help ensure that open source can continue to thrive and have the support that it needs,” GitHub Chief Operating Officer Kyle Daigle told TechCrunch in an interview.

Qualifying projects can be pretty much any project that has an open source license, but of course GitHub will be looking at those that need the funds most — so Kubernetes can hold fire with its application.

“We’re looking for the outsized impact, which tends to be big projects with few maintainers that we all rely on,” Daigle said.

The sum of $1.25 million might sound like a reasonable amount, but it will be split across 125 projects, which means just $10,000 each — better than nothing, for sure, but a drop in the ocean in the grand scheme of things. However, Daigle is quick to stress that money is only part of the prize here — as with the initial accelerator program, maintainers embark on a three-week program, which includes mentorship, certification, education workshops, and ongoing access to GitHub tools.

“The main learning from that [accelerator program] was that while you got direct funding, the key part was actually the hands-on support from our teams and experts,” Daigle said. “So we wanted to take what worked so well from that hands-on exposure, and bring it to the much bigger problem of security and software.”




Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.
