GitHub presents an in-depth discussion with Kevin Crosby about the Secure Open Source Fund and its efforts to advance supply chain security, covering funding, AI-driven security tools, and how maintainers and partners can get involved.

Open Source Friday: GitHub Secure Open Source Fund and the Future of Supply Chain Security

Recorded Live at GitHub Universe 2025

In this episode, Kevin Crosby (GitHub) introduces the GitHub Secure Open Source Fund and explores its wide-reaching impact on securing the open source software supply chain.

Key Topics Covered

  • What is the GitHub Secure Open Source Fund?
    • Initiative to help open source maintainers strengthen supply chain security.
    • Provides $10,000 per project, structured as a 12-month sprint with regular check-ins.
    • Supports 130+ projects and 219 maintainers to date, addressing over 1,100 vulnerabilities.
  • How the Fund Works
    • Projects selected through referrals and applications, curated for diverse impact.
    • Maintainers receive both funding and hands-on security training—focused on security best practices and incident response readiness.
    • Emphasis on real-world challenges faced by maintainers.
  • The Role of AI in Open Source Security
    • GitHub Copilot and other AI-powered features support maintainers in identifying and fixing security vulnerabilities.
    • Automated scanning, autofix, and fuzzing are used to discover and address risks at scale.
  • Achievements So Far
    • Three completed sessions; more than 1,100 vulnerabilities found and fixed in essential open source components.
    • Security practices have been strengthened across a broad range of projects.
  • What’s Next for the Fund?
    • Plans to expand, with session four scheduled for early 2026.
    • Continuous fundraising and program improvements to scale support to thousands of projects.
    • Information on how partners, sponsors, and maintainers can apply or get involved.

For more details or to apply, refer to the GitHub Secure Open Source Fund resources and links shared during the session.


Presented by GitHub and Kevin Crosby at GitHub Universe 2025.