Securing the AI software supply chain: Security results across 67 open source projects
Blog post from GitHub
Modern software relies heavily on open source projects, which form the backbone of many production systems across industries such as AI, mobile, and cloud computing. The GitHub Secure Open Source Fund aims to secure these foundational components by providing funding, resources, and training to maintainers, thereby strengthening the security of the global software supply chain. The initiative links financial support to verified security outcomes, enabling maintainers to perform proactive security work and reduce systemic risk. In its third session, the Fund supported 67 projects, focusing on core programming languages, infrastructure libraries, build systems, and data science tools, and achieved measurable security improvements. The program emphasizes shifting security from a reactive to a proactive practice and fostering a shared-infrastructure mindset among developers. By securing open source projects, the initiative seeks to protect millions of builds every day, ultimately making the software ecosystem more resilient and trustworthy.