GitHub is launching a new program to fund open source projects to improve their security and sustainability.
The GitHub Secure Open Source Fund will invest $1.25 million into 125 different projects ($10,000 each). Applications are being accepted on a rolling basis through January 7th, 2025.
According to GitHub, the funding is possible thanks to contributions from the Alfred P. Sloan Foundation, American Express, Chainguard, HeroDevs, Kraken, Mayfield Fund, Microsoft, 1Password, Shopify, Stripe, Superbloom, Vercel, Zerodha, and others. GitHub is also continuing to accept partners interested in contributing.
In addition to financial support, maintainers of chosen projects will run through a three-week program to get security education, mentorship, tooling, and certifications. “For some maintainers, being able to get funding would help them free up the time to focus on security; for others, it’s the learnings, experts, and community that can help,” GitHub wrote in a blog post.
Program participants will also be required to check in at six and 12 months after the program.
GitHub explained that the funding will be disbursed through GitHub Sponsors, so applications are limited to maintainers in regions supported by GitHub Sponsors, such as the United States, Australia, Canada, Germany, the United Kingdom, and 98 other countries.
“Building on learnings from other open source funders and community-driven security practices, the GitHub Secure Open Source Fund is a first-of-its-kind cohort-based program linked to funding. The goal is to improve security for projects in a way that scales, by building a security-minded community of maintainers and funders with shared objectives. The community stands to benefit with reduced security risk, visibility and insights on project security status, and consistent reporting,” GitHub wrote.