This post originally appeared on Alpha-Omega and has been revised for the OpenSSF.
By Alpha-Omega
We’re pleased to share our 2024 annual report. In it we try to convey the great progress in securing open source and our joy in seeing the increased security across so many open source ecosystems.
Open source software isn’t just another piece of technology—it’s the digital bedrock that supports everything from major government operations to the smartphone apps we use every day. Its strength lies in the global network of passionate, too-often-unpaid volunteers who pour their time and expertise into writing and maintaining open source projects. Yet, as we rely on these individuals to secure vital infrastructure, we must acknowledge the immense responsibility they carry and ensure we’re not merely shifting more unpaid work onto their shoulders. By investing in resources, offering support, and creating pathways for sustainable contribution, we can protect and strengthen open source software without placing undue burdens on the very people who make it possible.
To everyone who created, maintained, or contributed to an open source project in 2024, thank you.
In 2024, Alpha-Omega issued nearly $6 million in grants to improve security in key open source projects. Notably we:
- Helped staff security teams at 10 of the most important open source organizations, such as the Python Software Foundation, OpenJS, and RubyGems.
- Provided grants to harden critical infrastructure, such as the Linux kernel, and Homebrew.
- Paid for security audits of foundational technologies.
- Experimented with scaled approaches to finding and fixing vulnerabilities and supported Rust implementations of TLS and the AV1 codec.
- Hosted four roundtable discussions with grant recipients to cross-pollinate expertise and to shape strategies for 2025.
Alpha-Omega is funded by generous and significant donations from Amazon Web Services (AWS), Google, and Microsoft. These grants made it possible to address longstanding security challenges, improve processes, and harden infrastructure within many of the world’s most important open source projects and ecosystems. More importantly, we’ve been able to establish a sustainable culture of security within the communities we work with.
The combination of Alpha-Omega’s grants and the energy, leadership, and commitment of the recipients is a formula that worked and we will continue applying it in 2025.
