The GitHub Secure Open Source Fund will award financing to select applicants in a program designed to fuel security and sustainability for open-source projects. Applications are open now and close on January 7. During that time, 125 projects will be selected for a piece of the $1.25 million investment fund, made possible through the participation of American Express, the Alfred P. Sloan Foundation, Chainguard, HeroDevs, Kraken, Mayfield Fund, Microsoft, Shopify, Stripe and others. In addition to monetary support, recipients will be invited to take part in a three-week educational program. Continue reading GitHub Promotes Open-Source Security with Funding Initiative

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations. Continue reading Senate Group Wants CISA to Protect Open-Source Software