The Linux Foundation, a nonprofit organization driving innovation through open source, has announced $12.5 million in grants from Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen the security of the open source software ecosystem. The funding will be managed by Alpha-Omega and the Open Source Security Foundation (OpenSSF), two trusted security initiatives within the Linux Foundation, to develop long-term, sustainable solutions that support maintainers and open source communities worldwide.
With the growing complexity of the security landscape, advances in AI are accelerating the discovery of vulnerabilities in open source software. Many maintainers are now receiving a large influx of automated security findings without adequate resources or tools to triage and remediate them. This investment will enable Alpha-Omega and OpenSSF to work directly with maintainers, making emerging security capabilities practical, accessible, and aligned with existing project workflows. The initiative aims to help maintainers manage security demands while improving the resilience of the entire open source ecosystem.
Michael Winser, Co-Founder of Alpha-Omega, emphasized that the initiative builds on a model where open source security is both normal and achievable, scaling maintainer-centric AI security assistance to hundreds of thousands of projects globally. Greg Kroah-Hartman from the Linux kernel project highlighted that grant funding alone is insufficient, noting that OpenSSF provides the active resources needed to help overworked maintainers process the increasing number of AI-generated security reports.
Steve Fernandez, General Manager of OpenSSF, reiterated the commitment to securing the full lifecycle of open source software. By empowering maintainers directly, the initiative provides the tools, expertise, and standards necessary to prevent issues proactively, fostering a more resilient and secure open source ecosystem for developers and users worldwide.
