Tech Giants Invest $12.5 Million in Open Source Security

The Linux Foundation on Tuesday announced receiving $12.5 million in grant funding from major tech companies to advance open source security. The funds came from Anthropic, Amazon Web Services (AWS), GitHub, Google, Google DeepMind, Microsoft, and OpenAI, and will be managed by the foundation’s security initiatives Alpha-Omega and Open Source Security Foundation (OpenSSF). According to the Linux Foundation, the funding will support the development of long-term security solutions for the entire open source ecosystem. The grants, it says, came at a time when AI is fueling an uptick in the speed and scale of vulnerability discovery in open source. The increasingly complex security landscape, it says, results in maintainers being flooded by security findings without the resources to effectively triage and address them. Using the fresh funding, Alpha-Omega and OpenSSF will collaborate with maintainers and with open source communities worldwide to provide them with accessible and practical emerging security capabilities that align with existing project workflows. The funds will be invested in sustainable strategies to help maintainers with the management of growing security demands and to improve the resilience of the open source ecosystem. “Open source software is a critical part of the modern technology landscape. As AI accelerates both software development and the discovery of vulnerabilities, the industry must step up to protect this shared infrastructure. This collaboration represents an important step in democratizing AI-powered defenses,” said Microsoft Azure CTO and Deputy CISO Mark Russinovich. “By directly empowering the maintainers, we have an extraordinary opportunity to ensure that those at the front lines of software security have the tools and standards to take preventative measures to stay ahead of issues and build a more resilient ecosystem for everyone,” OpenSSF GM Steve Fernandez said. Related: RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool Related: Docker Makes 1,000 Hardened Images Free and Open Source Related: From Open Source to OpenAI: The Evolution of Third-Party Risk Related: Open Source CISA Tool Helps Defenders With Hacker Containment, Eviction WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Security Firm Executive Targeted in Sophisticated Phishing Attack China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation Threat Actor Targeting VPN Users in New Credential Theft Campaign ForceMemo: Python Repositories Compromised in GlassWorm Aftermath Critical HPE AOS-CX Vulnerability Allows Admin Password Resets Bold Security Emerges From Stealth With $40 Million in Funding Google Paid Out $17 Million in Bug Bounty Rewards in 2025 Onyx Security Launches With $40 Million in Funding Latest News UK Companies House Exposed Details of Millions of Firms  Surf AI Raises $57 Million for Agentic Security Operations Platform Robotic Surgery Giant Intuitive Discloses Cyberattack 174 Vulnerabilities Targeted by RondoDox Botnet Google, Meta, Microsoft Among Signatories of Pact to Combat Scams Tracebit Raises $20M for Cloud-Native Deception Technology CISA Flags Year-Old Wing FTP Vulnerability as Exploited AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Virtual Event: Supply Chain Security And Third-Party Risk Summit March 18, 2026 Join the event where top security experts unpack the biggest software supply chain risks. Register People on the Move Nudge Security has appointed Patrick Dillon as Chief Revenue Officer. Arctic Wolf has named Will May as its Chief Revenue Officer. Palo Alto Networks has named Danielle Gonzalez as its new Chief People Officer. More People On The Move Expert Insights The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How To Eliminate The Technical Debt Of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Email