Eclipse manages a distribution of Java and the Jakarta libraries, formerly known as JavaEE/J2EE. Arguably Jakarta is a larger footprint, since pretty much every enterprise-like library or application derives functionality from it.
Are OpenSSF members using Eclipse sub-projects in the financial services industry? In automotive/embedded, Eclipse hosts the safety-certified OSS ThreadX RTOS (formerly Azure RTOS), which runs on 10B+ devices, https://finance.yahoo.com/news/eclipse-foundation-showcases-...
It would be helpful for projects funded by OpenSSF Omega to publish details on how they prioritized use of the funds to improve supply chain security within each project.
I expect the pay awards are based on the various OSS foundation thingies lobbying.
But protecting dev environments makes sense. Think how many supply chains an attacker can compromise if they can get at random dumb developer machines...
OpenSSF members: https://openssf.org/about/members
2021, $10MM, https://openssf.org/press-release/2021/10/13/open-source-sec...
> Financial commitments from Premier members include Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMware. Additional commitments come from General members Aiven, Anchore, Apiiro, AuriStor, Codethink, Cybertrust Japan, Deepfence, Devgistics, DTCC, GitLab, Goldman Sachs, JFrog, Nutanix, StackHawk, Tencent, TideLift, and Wind River.
2022, $5MM for 10,000 OSS projects, https://openssf.org/press-release/2022/02/01/openssf-announc...
> Following a meeting with government and industry leaders at the White House, OpenSSF is excited to announce the Alpha-Omega Project to improve the security posture of open source software (OSS) through direct engagement of software security experts and automated security testing. Microsoft and Google are supporting the Alpha-Omega Project with an initial investment of $5 million. “Omega” will identify at least 10,000 widely deployed OSS projects where it can apply automated security analysis, scoring, and remediation guidance to their open source maintainer communities.
2022+2023, $4.8MM disbursed to ten (not 10K?) OSS projects, https://openssf.org/blog/2024/02/16/alpha-omega-2023-annual-... & https://openssf.org/blog/2022/12/14/alpha-omega-project-firs...