Skip to main content

📣 Submit your proposal: OpenSSF Community Days: Europe, Korea | Open Source SecurityCon

search
Category

Blog

Jan 29
Love0

Alpha-Omega 2024 Annual Report

By Alpha-Omega, Blog

This post originally appeared on Alpha-Omega and has been revised for the OpenSSF.

By Alpha-Omega

We’re pleased to share our 2024 annual report. In it we try to convey the great progress in securing open source and our joy in seeing the increased security across so many open source ecosystems.

Open source software isn’t just another piece of technology—it’s the digital bedrock that supports everything from major government operations to the smartphone apps we use every day. Its strength lies in the global network of passionate, too-often-unpaid volunteers who pour their time and expertise into writing and maintaining open source projects. Yet, as we rely on these individuals to secure vital infrastructure, we must acknowledge the immense responsibility they carry and ensure we’re not merely shifting more unpaid work onto their shoulders. By investing in resources, offering support, and creating pathways for sustainable contribution, we can protect and strengthen open source software without placing undue burdens on the very people who make it possible.

To everyone who created, maintained, or contributed to an open source project in 2024, thank you.

In 2024, Alpha-Omega issued nearly $6 million in grants to improve security in key open source projects. Notably we:

  • Helped staff security teams at 10 of the most important open source organizations, such as the Python Software Foundation, OpenJS, and RubyGems.
  • Provided grants to harden critical infrastructure, such as the Linux kernel, and Homebrew.
  • Paid for security audits of foundational technologies.
  • Experimented with scaled approaches to finding and fixing vulnerabilities and supported Rust implementations of TLS and the AV1 codec.
  • Hosted four roundtable discussions with grant recipients to cross-pollinate expertise and to shape strategies for 2025.

Alpha-Omega is funded by generous and significant donations from Amazon Web Services (AWS), Google, and Microsoft. These grants made it possible to address longstanding security challenges, improve processes, and harden infrastructure within many of the world’s most important open source projects and ecosystems. More importantly, we’ve been able to establish a sustainable culture of security within the communities we work with.

The combination of Alpha-Omega’s grants and the energy, leadership, and commitment of the recipients is a formula that worked and we will continue applying it in 2025.

Jan 29
Love0

OpenSSF Community Day NA 2025: Call for Proposals Now Open!

By Blog

The Call for Proposals (CFP) for OpenSSF Community Day North America is officially open through March 23, 2025! Co-located with Open Source Summit North America, this event will bring the open source community together in Denver, Colorado, on June 26, 2025, for a full day of engaging discussions and presentations focused on securing the open source software (OSS) supply chain.

Submit your proposal now!

Event Details:

  • When: June 26, 2025
  • Where: Denver, Colorado
  • CFP Deadline: Sunday, March 23, 2025 at 11:59 PM MDT/10:59 PM PDT
  • CFP Notifications: Tuesday, April 1, 2025
  • Types of Presentations: 5, 10, 15, or 20-minute presentations

This is your opportunity to share your expertise and innovative ideas with the community! We’re looking for sessions on topics like:

  • AI & ML in Security
  • Regulatory Compliance
  • Enhancing Security Tools
  • Cyber Resilience
  • Securing the Software Supply Chain
  • Case Studies & Real-World Experiences

*No product/vendor sales pitches — it’s a community-focused event!

For more information on the CFP, visit here. Submit your proposal today!

Interested in Sponsorship? 

We have exciting opportunities available to showcase your support for securing the open source ecosystem. By sponsoring OpenSSF Community Day NA, you’ll gain visibility among key industry leaders, security experts, and the open source community. Join us in driving forward the mission to strengthen the OSS supply chain. Email us at openssfevents@linuxfoundation.org to reserve your sponsorship.

Join Us in Denver! 

Don’t miss out on the opportunity to be part of this vital conversation. Whether you’re submitting a proposal, attending as a participant, or showcasing your support through sponsorship, OpenSSF Community Day NA is the place to connect, collaborate, and contribute to securing the open source software supply chain. We can’t wait to see you in Denver and work together to advance the future of OSS security!

Dec 09
Love0

In the Face of Mounting Regulatory Oversight, Honda and Guidewire Join Industry Leaders Securing Software Development at the Open Source Security Foundation (OpenSSF)

By Blog, Press Release

Growing Member Base and Launch of SOSS Community Day India Continue to Advance Open Source Software Security

Delhi, India – December 10, 2024 – The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation, helps individuals and organizations build secure software by providing guidance, tools, and best practices applicable to all software development. Today, the OpenSSF announced new members from the automotive and insurance technology industries at the first-of-its-kind Secure Open Source Software (SOSS) Community Day India. SOSS Community Day India brings together community members from across the security and open source ecosystem to share ideas and advance solutions for sustainably securing the software we all depend on, building a foundation for a more secure and innovative future.

New general member commitments come from Honda Motor Co., Ltd. and Guidewire Software, Inc. With support from these new organizations, the OpenSSF heads into the last month of 2024 with 126 members that together recognize the importance of backing, maintaining, and promoting secure open source software.

“We are excited to welcome our newest members and celebrate this milestone with the launch of the first SOSS Community Day in India,” said Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair. “India has an incredible open source ecosystem, and this event provides an opportunity to foster collaboration, address shared challenges, and ensure the security of the open source software powering the digital world. Together, we’re building a more secure and innovative future.”

SOSS Community Day India features a packed agenda with sessions led by top experts on topics like education, innovation, tooling, vulnerabilities, and threats. The event not only highlights the OpenSSF community’s ongoing work, but also provides an avenue to expand its reach through new partnerships and memberships, welcoming inquiries from potential collaborators. Participants will see how the OpenSSF community is driving improvements in open source software security and advancing its mission to create a more secure ecosystem for everyone.

General Member Quotes

Honda Motor Co., Ltd.

“Honda is pleased to be able to participate in the OpenSSF project as OSS security becomes increasingly important. In addition to contributing to the OpenSSF community, we look forward to working to strengthen OSS security across the industry in the future.” Yuichi Kusakabe, Chief Architect – IVI software PF/OSPO Tech Lead, Honda Motor Co., Ltd.

Guidewire Software, Inc.

“We’re excited to become a member of OpenSSF,” said Anoop Gopalakrishnan, vice president, Engineering, Guidewire. “This partnership reflects our continued commitment to advancing open source security and collaborating with like-minded innovators to create a more secure and resilient software ecosystem.” 

Additional Resources

  • View the complete list of OpenSSF members.
  • Explore the SOSS Community Day India program schedule to see the lineup of sessions and speakers.
  • To learn more about the OpenSSF community, including information about membership, contribution, project participation, and more, contact us here.

###

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.

About the Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact
Jennifer Tanner
Look Left Marketing
openssf@lookleftmarketing.com

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get Involved
Close Menu