In 2023, Alpha-Omega provided ten grants to eight organizations totalling over $2.8 million dollars, with an average grant size of just over $350,000. In partnership with OpenSSF, Alpha-Omega’s mission is to catalyze sustainable security improvements within the most critical open source projects and ecosystems. As a Directed Fund with three continuing stakeholders (Google, Amazon Web Services, and Microsoft), we endeavor to preserve the efficient decision making that has been a hallmark of Alpha-Omega’s success and to make it easier to continue raising funds
In addition to providing funding for security work in critical open source organizations, we experimented with different approaches to finding and fixing vulnerabilities at scale, funded a security audit of OpenSSL, and held roundtables for our grant recipients to share best practices.
We’re proud to release our 2023 Annual Report, which describes our progress and our priorities for 2024.
Download the 2023 Annual Report.
Below are a few key highlights from 2023. The full report also includes updates from each of our grant recipients about their work and progress towards securing open source.
Alpha-Omega grants are now being followed by direct institutional budgets and fundraising for security staffing and projects.
A core principle of Alpha-Omega is that we are a catalyst for change. At the foundation level this means making security budgets first-class citizens and diversifying funding sources. We’ve seen great progress in this area with investments from the Sovereign Tech Fund and the Open Technology Fund. Also, both the Rust Foundation and the Eclipse Foundation have included security in their annual budget process. The Eclipse Foundation is creating a Cybersecurity Risk Initiative Working Group.
Sigstore adoption continues to grow across the open source ecosystem.
Alpha-Omega funding is driving Sigstore adoption at the ecosystem level. The Python Software Foundation now signs Python and CPython releases with Sigstore with more ecosystem adoption coming soon. The Homebrew project is adding Sigstore to its core packages.
Security champions are driving tangible improvements and cultural change at open source foundations.
Alpha-Omega has helped fund security champion roles at the Python Software Foundation, the Eclipse Foundation, and the Rust Foundation. In all cases, we are seeing significant impact as these individuals are incubating a security culture in their respective communities.
How to Get Involved
Alpha-Omega values experimentation. Since the best way to address security risk within the open source community isn’t always clear, we’ll make investments, learn what works and what doesn’t, and refine our approach over time. We welcome community input on the methodologies we use to select projects and the types of activities that may have the greatest impact. We welcome active community participation through a few different forums:
- We hold public meetings once a month and maintain a Slack channel where everyone is welcome to participate.
- All OpenSSF working groups are open to anyone; getting involved there remains the best way to improve the security of the open source ecosystem.
- Reach out to info@alpha-omega.dev to connect with the Alpha-Omega team!