The Open Source Security Foundation (OpenSSF) has released the annual report for its Alpha-Omega project, an initiative that focuses on identifying and removing vulnerabilities within source code to create a more secure digital environment.
According to OpenSSF, the Alpha-Omega project has become a key player in improving the security infrastructure of open source software, reflecting a proactive approach to cybersecurity in the technology community. Alpha-Omega is sponsored by Google, Microsoft and AWS.
Through 2023, the Alpha-Omega project awarded 10 grants to 8 different organizations, totaling $2,841,968. This marked a significant increase in average grant size to $355,246, a 38% increase compared to the previous year.
Cumulative grants awarded by Alpha-Omega hae now reached $4.9 million, demonstrating the project’s growing commitment to strengthening open source software against potential security threats.
Users include the Python Software Foundation, the Eclipse Foundation, the Rust Foundation, and OpenJS. The specific projects that received grants in 2023 were Eclipse, NodeJS, Rust, Homebrew, OpenSSL, OpenRefactory, Prossimo, and the Linux kernel.
This strategic allocation of resources not only strengthens the security posture of these critical platforms, but also underscores Project Alpha-Omega’s role in preserving the integrity of open source software at a fundamental level, according to OpenSSF.
Another key finding from the report is that Alpha-Omega grants are now matched by direct institutional budgets and fundraising for security staff and projects. Also, Sigstore adoption continues to grow in the open source ecosystem, which the organization believes is a result of increased funding from Alpha-Omega. For example, the Python Software Foundation is now signing releases of Python and CPython with Sigstore, and more ecosystem adoption is coming soon.
Ultimately, Alpha-Omega-funded safety champions improve the safety culture in their communities.