--- robots: noindex, nofollow --- # Grants for Open-Source Software Provenance & Supply Chain Security ## Private Foundation & Corporate Grant Programs ### OpenSSF Alpha-Omega Project [Program Details & Application](https://openssf.org/alpha-omega/) The Alpha-Omega initiative (part of the Linux Foundation’s Open Source Security Foundation) provides substantial grants to critical open-source projects to improve their security. It targets widely-used components (e.g. programming language ecosystems, core libraries) for supply chain hardening and vulnerability remediation. In 2023 alone, Alpha-Omega issued **ten grants totaling over $2.8 million** (average ~$350K each) to help projects like Rust, Node.js, jQuery, and OpenSSL improve security. Grants have funded threat modeling, secure build infrastructure, security audits, and dedicated security staff for these open-source ecosystems. - **Funding Amount:** Hundreds of thousands of dollars per project. - **Eligibility:** There isn’t a public open call; instead, Alpha-Omega proactively identifies and funds critical OSS projects. - **Deadline:** Rolling. ### GitHub Secure Open Source (SOSS) Fund [Program Details & Application](https://github.blog/2022-05-19-introducing-the-github-microgrants-program/) GitHub’s Secure Open Source Fund offers **micro-grants and support to open-source maintainers** to boost software supply chain security. Maintainers of any open-source project (individuals or teams up to 3) can apply, as long as the project is under an open-source license and has some community adoption. - **Funding Amount:** $10,000 per project. - **Eligibility:** Open-source maintainers with GitHub-hosted projects. - **Deadline:** Rolling. ### Mozilla Technology Fund (MTF) [Program Details & Application](https://foundation.mozilla.org/en/what-we-fund/technology-and-society/) The Mozilla Foundation’s MTF is an open call grant program supporting open-source technologists working on “pressing issues” that align with Mozilla’s mission. Each call has a theme – for example, the **2022** cohort focused on **“Bias and Transparency in AI”**, **2023** on **open-source auditing tools for AI systems**, and **2024** on **“AI and Environmental Justice.”** - **Funding Amount:** Up to $50,000 per project. - **Eligibility:** Open-source security and transparency tools. - **Deadline:** Thematic calls; announced periodically. ### Sovereign Tech Fund (Germany) [Program Details & Application](https://sovereigntechfund.de/en/) Backed by the German federal government, the Sovereign Tech Fund provides grants to strengthen open-source infrastructure, with a strong emphasis on security and resilience. Selected teams received **up to €300,000** (approx. $320K) for a 4–8 month project, with an initial 4-month phase and potential 4-month extension. - **Funding Amount:** Up to €300,000 (~$320K). - **Eligibility:** Open-source infrastructure and security projects. - **Deadline:** Calls for proposals periodically. ## Government Grant Programs ### NSF Safe-OSE Program [Program Details & Application](https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=505897) The National Science Foundation’s *Safety, Security, and Privacy of Open-Source Ecosystems* (Safe-OSE) program is a major grant opportunity specifically targeting open-source supply chain security. - **Funding Amount:** Up to $1.5M over 2 years. - **Eligibility:** US-based commercial and nonprofit organizations. - **Deadline:** Annually in April. ### NSF SBIR/STTR (America’s Seed Fund) [Program Details & Application](https://seedfund.nsf.gov/) NSF’s Small Business Innovation Research program offers **non-dilutive grants to for-profit small businesses** developing innovative technologies, including software security solutions. - **Funding Amount:** Up to $305K (Phase I); up to $1.25M (Phase II). - **Eligibility:** US small businesses with R&D potential. - **Deadline:** 3 cycles per year. ### DHS Silicon Valley Innovation Program (SVIP) [Program Details & Application](https://www.dhs.gov/science-and-technology/svip) The Department of Homeland Security’s SVIP is an innovation funding program that **targets startups (U.S. or international)** with tech that addresses homeland security needs. - **Funding Amount:** Up to $2M over 4 phases. - **Eligibility:** Startups with innovative cybersecurity technologies. - **Deadline:** Rolling while topic calls are open. ### Other Government Programs - **DoD & DoE Grants:** Focused on cybersecurity, software assurance, and supply chain security. - **NSF SaTC:** Academic research funding with university partnerships. - **EU Horizon Europe:** Security-by-design and open-source security funding. ## Summary These grants provide funding ranging from $10K to multimillion-dollar awards for mission-driven open-source security projects. Interested applicants should monitor deadlines and eligibility criteria on program websites.