GRANT RECIPIENTS
Grant recipients provide monthly updates through the public GitHub repository.
2024 ALPHA GRANT RECIPIENTS
FreeBSD
FreeBSD, the operating system and the global community that develops it, has a reputation gained over 30 years for reliability, stability, and security. The focus will be on two projects: a Code Audit of up to two key subsystems and a development Process Audit.
NODE JS
As an asynchronous event-driven JavaScript runtime, Node.js is designed to build scalable network applications.
OPENREFACTORY
A scope focusing on Python projects. OpenRefactory will collect the top 10,000 projects from PyPI based on the number of downloads over the last year. In addition, the work includes generating attestations and working with Python SF to create a mechanism through which end users can consume the results.
RubyCentral
RubyGems is the package management system for the Ruby programming language, used by every Ruby developer and company to create, share, and use gems (Ruby packages). The focus is to improve security for the Ruby language package ecosystem.
2023 ALPHA GRANT RECIPIENTS
ECLIPSE V2
The Eclipse Foundation is the leading open source foundation in the Java ecosystem, in addition to hosting significant projects in other areas such as developer tools, IoT/edge and automotive.
In 2022 The Eclipse Foundation was granted $400,000 for the purpose of automation and implementation of security best practices to its hosted projects.
NODE JS
As an asynchronous event-driven JavaScript runtime, Node.js is designed to build scalable network applications.
In 2022 Node.js was granted $275,000 for the purpose of implementing a Security Support Role.
OPENREFACTORY
The mission of OpenRefactory is to use artificial intelligence to verify that digital systems are free of critical bugs and vulnerabilities that expose organizations to significant financial and reputational risk.
In 2023 OpenRefactory was granted $50,000 for the purpose of reporting security vulnerabilities at scale in open source projects and working with the maintainers to get the vulnerabilities fixed.
OPEN SOURCE TECHNOLOGY IMPROVEMENT FUND (PROSSIMO)
The Prossimo project focuses on bringing memory safety to critical open source infrastructure.
In 2023 ISRG was granted $530,000 for the purpose of moving the most critical software on the Internet to memory safe code.
OPENSSL
OpenSSL is a globally distributed cryptography library touching nearly every industry in the world.
In 2023 OpenSSL was granted $127,000 for the purpose of assessments that will be performed by teams of Trail of Bits security consultants. The secure code review, including fuzzing enhancements, will be performed over a four calendar-week period, for a total of eight engineer-weeks of effort.
HOMEBREW
Homebrew is the predominant package manager for macOS, with millions of daily users and hundreds of active contributors. Homebrew is also widely used on Linux and preinstalled on GitHub Actions’ hosted runners.
The goal of this project is to add provenance and package signing to the ecosystem.
2022 ALPHA GRANT RECIPIENTS
ECLIPSE
The Eclipse Foundation is the leading open source foundation in the Java ecosystem, in addition to hosting significant projects in other areas such as developer tools, IoT/edge and automotive.
In 2022 The Eclipse Foundation was granted $550,000 for the purpose of automation and implementation of security best practices to its hosted projects.
JQUERY
jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility, jQuery has changed the way that millions of people write JavaScript.
In 2022 jQuery was granted $350,000 for the purpose of securing the consumer web, reducing potential security incidents for jQuery by modernizing its consumers and its code.
NODE JS
As an asynchronous event-driven JavaScript runtime, Node.js is designed to build scalable network applications.
In 2022 Node.js was granted $300,000 for the purpose of implementing a Security Support Role.
PYTHON SOFTWARE FOUNDATION
The mission of the Python Software Foundation is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers.
In 2022 Python was granted $400,000 for the purpose of funding a security audit and the creation of a new Security Developer-in-Residence role.
RUST
Rust is a multi-paradigm, high-level, general-purpose programming language. Rust emphasizes performance, type safety, and concurrency.
In 2022 Rust was granted $460,000 for the purpose of facilitating collaborative work with corporate participants for the benefit of the whole Rust ecosystem.