Alpha is collaborative in nature, targeting and evaluating the most critical open source projects to help them improve their security postures. These projects include standalone projects and core ecosystem services. They are selected based on the work by the OpenSSF Securing Critical Projects working group using a combination of expert opinions and data, including the OpenSSF Criticality Score and Harvard’s “Census” analysis identifying critical open source software.
For these selected projects, Alpha team members provide tailored help to understand and address security gaps, including threat modeling, automated security testing, source code audits, and support remediating vulnerabilities that are discovered. They also provide help implementing best practices drawn from criteria outlined by the OpenSSF Scorecard and Best Practices Badge projects.
Alpha tracks a series of important metrics that give stakeholders a better understanding of the security of the open source projects they depend on, providing a transparent, standardized view of each project’s security posture and its compliance with security best practices.