
The Linux Foundation has announced it will use $12.5 million in grants to develop long-term, sustainable security solutions that support open source communities worldwide.
This is necessary, the foundation said in its announcement, because rapid advances in AI have created a more complex security landscape with vulnerabilities being found in much greater numbers, leaving security teams having to assess and remediate a growing list of issues.
The funding for the initiative comes from Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen the security of the open source software ecosystem. Alpha-Omega and the Open Source Security Foundation (OpenSSF), trusted security initiatives within the Linux Foundation, will manage the funding.
According to the announcement, “Through this investment, Alpha-Omega and OpenSSF will work directly with maintainers and their communities to make emerging security capabilities accessible, practical, and aligned with existing project workflows. The effort will support sustainable strategies that help maintainers manage growing security demands while improving the overall resilience of the open source ecosystem.”
“Our commitment remains focused: to sustainably secure the entire lifecycle of open source software.”
“Alpha-Omega was built on the idea that open source security should be both normal and achievable. By funding audits and embedding security experts directly into the ecosystem, we’ve proven that targeted investment works,” said Michael Winser, Co-Founder of Alpha-Omega. “Now, we’re scaling that expertise. We are excited to bring maintainer-centric AI security assistance to the hundreds of thousands of projects that power our world.”
Linux kernel developer Greg Kroah-Hartman said the funding by itself won’t solve the problems AI tools are creating, but noted that OpenSSF has the resources to support projects that will help open source maintainers triage and process the growing volume of security reports that teams are getting.
Mark Ryland, director of AWS Security, said of Alpha-Omega in the announcement: “Over the past four years, our work with Alpha-Omega has proven it can deliver real results for the open source ecosystem at scale—from helping the Rust Foundation deploy Trusted Publishing to enabling critical vulnerability fixes across Node.js and PyPI. We are excited to increase our investment in Alpha-Omega and to work with our collaborators and directly with maintainers to provide not just funding, but the right tools and expertise that projects actually need to handle AI-generated security reports at scale.”
To learn more about open source security initiatives at the Linux Foundation, please visit openssf.org and alpha-omega.dev.
