ABOUT ALPHA-OMEGA

Alpha is collaborative in nature, targeting and evaluating the most critical open source projects to help them improve their security postures. These projects include standalone projects and core ecosystem services. They are selected based on the work by the OpenSSF Securing Critical Projects working group using a combination of expert opinions and data, including the OpenSSF Criticality Score and Harvard’s “Census” analysis identifying critical open source software.

For these selected projects, Alpha team members provide tailored help to understand and address security gaps,including threat modeling, automated security testing, source code audits, and support remediating vulnerabilities that are discovered. They  also provide help implementing best practices drawn from criteria outlined by the OpenSSF Scorecard and Best Practices Badge projects.

Alpha tracks a series of important metrics providing stakeholders with a better understanding of the security of the open source project they depend on and provides a transparent, standardized view of the project’s security posture and compliance with security best practices.

Omega uses automated methods and tools to identify critical security vulnerabilities across at least 10,000 widely-deployed open source projects. This is accomplished using a combination of technology (cloud-scale analysis), people (security analysts triaging findings) and process (confidentially reporting critical vulnerabilities to the right OSS project stakeholders).

Omega community members provide suggestions on how to automate detection of security vulnerabilities in the future and more generally on efficient ways to implement security best practices.