GRANT RECIPIENTS

FreeBSD–the operating system and the global community that develops it–has a reputation gained over 30 years for reliability, stability, and security. The focus will be on two projects: a Code Audit of up to two key subsystems and a development
Process Audit.

As an asynchronous event-driven JavaScript runtime, Node.js is designed to build scalable network applications.

A scope focusing on Python projects. OpenRefactory will collect the top 10,000 projects from PyPi based on the number of downloads over the last year. In
addition, generating attestations, and working with Python SF to create a mechanism that end users can consume the results.

RubyGems is the package management system for the Ruby programming language, used by every Ruby developer and company to create, share, and use gems (Ruby packages). The focus is to improve security for the Ruby language package ecosystem.

The Eclipse Foundation is the leading open source foundation in the Java ecosystem, in addition to hosting significant projects in other areas such as developer tools, IoT/edge and automotive.

In 2022 The Eclipse Foundation was granted $400,000 for the purpose of automation and implementation of security best practices to its hosted projects.

As an asynchronous event-driven JavaScript runtime, Node.js is designed to build scalable network applications.

In 2022 Node.js was granted $275,000 for the purpose of implementing a Security Support Role.

The mission of OpenRefactory is to use artificial intelligence to verify that digital systems are free of critical bugs and vulnerabilities that expose organizations to significant financial and reputational risk.

In 2023 OpenRefactory was granted $50,000 for the purpose of reporting security vulnerabilities at scale in open source projects and work with the maintainers to get the vulnerabilities fixed

The mission of the  Prossimo project is, which focuses on bringing memory safety to critical open source infrastructure

In 2023 ISRG was granted $530,000 for the purpose of moving the most critical software on the Internet to memory safe code.

OpenSSL is a globally distributed cryptography library touching nearly every industry in the world.

In 2023 OpenSSL was granted $127,000 for the purpose of assessments that will be performed by teams of Trail of Bits security consultants for a total of eight engineer-weeks of effort. The secure code review, including fuzzing enhancements, will be performed over a four calendar-week period, for a total of eight engineer-weeks.

Homebrew is the predominant package manager for macOS, with millions of daily users and hundreds of active contributors. Homebrew is also widely used on Linux and preinstalled on GitHub Actions’ hosted runners.

The goal of this project is to add province and package signing to the ecosystem.

The Eclipse Foundation is the leading open source foundation in the Java ecosystem, in addition to hosting significant projects in other areas such as developer tools, IoT/edge and automotive.

In 2022 The Eclipse Foundation was granted $550,000 for the purpose of automation and implementation of security best practices to its hosted projects.

jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility, jQuery has changed the way that millions of people write JavaScript.

In 2022 JQuery was granted $350,000 for the purpose of securing the consumer web, reducing potential security incidents for jQuery by modernizing its consumers and its code.

As an asynchronous event-driven JavaScript runtime, Node.js is designed to build scalable network applications.

In 2022 Node.js was granted $300,000 for the purpose of implementing a Security Support Role.

The mission of the Python Software Foundation is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers.

In 2022 Python was granted $400,000 for the purpose of funding a security audit and the creation of a new Security Developer-in-Residence role.