Welcome to the first issue of Open Source Funded, a weekly roundup of grants, sponsorships, endowments, and other financial support for open source projects and the institutions around them.
This opening issue reflects one clear editorial bias: we are prioritizing pure open source projects, foundations, and shared infrastructure over startup fundraising rounds.
The strongest project-focused funding signals this week
Linux Foundation, OpenSSF, and Alpha-Omega announced $12.5 million for open source security
The biggest headline in the source list is the $12.5 million in grant funding announced for open source security. The Linux Foundation and OpenSSF positioned it as support for securing critical open source infrastructure, which makes it highly relevant to maintainers even if the money is being organized at the ecosystem level.
This is exactly the kind of top-down funding signal worth tracking: it is non-dilutive, mission-aligned, and aimed at shared public goods.
GitHub expanded its Secure Open Source Fund by $5.5 million
GitHub's $5.5 million expansion of the Secure Open Source Fund also matters because it is explicitly structured around support for open source security work. Instead of treating the announcement as platform PR, the better lens is this: more money is being routed into real maintenance and hardening work for open source projects.
Source: GitHub blog
Keycloak and evcc show what project-level support looks like
The broader Secure Open Source Fund announcement becomes more useful when paired with project-specific posts. Two collected links are especially helpful here:
Keycloak published its own note about receiving support through the GitHub Secure Open Source Fund.
evcc also documented support through the same program.
That kind of project-level writeup is important because it turns an abstract funding pool into something visible and concrete. Over time, these are the links that make it possible to see which funding programs are actually reaching maintainers.
Sources: Keycloak, evcc, GitHub Secure Open Source Fund repo
Foundations and public-interest support worth watching
Python Software Foundation received $1.5 million from Anthropic
One of the clearest examples of direct support to a foundational open source institution is the $1.5 million contribution to the Python Software Foundation from Anthropic.
That stands out because Python is not a niche project and does not need a story about product-market fit. It is already critical infrastructure. The interesting part is that major AI companies are starting to publicly fund the foundations behind the ecosystems they depend on.
Sources: Help Net Security, It’s FOSS, Simon Willison
NLnet selected 44 projects for the NGI Zero Commons Fund
NLnet's 44-project NGI Zero Commons Fund batch is one of the best examples in the list of funding being spread across many smaller open source efforts rather than concentrated in a single institution.
This is the opposite of startup financing logic. Instead of backing one company to dominate a market, the goal is to strengthen a wider commons.
Sources: NLnet announcement, APC coverage
Open VSX continues to attract backing as neutral shared infrastructure
The Eclipse Foundation announcement around Open VSX Registry is not a conventional grant notice, but it is still exactly the kind of signal this newsletter should follow. Open VSX is shared ecosystem infrastructure, and strategic backing for neutral registries matters because so many downstream tools depend on them.
The fact that the registry now exceeds 300 million monthly downloads makes the support story more significant, not less.
Source: Eclipse Foundation announcement
Structural experiments in funding maintainers
The Open Source Endowment launched with more than $750,000
The Open Source Endowment is still early, but it is one of the most interesting ideas in the source list because it is trying to create a longer-term funding base for maintainers rather than another short-lived sponsorship cycle.
Launching with $750,000+ is not enough to solve the problem on its own, but it is enough to make the experiment worth following.
Sources: TechCrunch, The Register, OpenSource For You
Open Source and the Iceberg Theory
A strong companion piece for this issue is ACM Queue's "Open Source and the Iceberg Theory" by Alyssa Wright and Stephen Augustus.
The article argues that dependency management is too shallow a frame for understanding open source risk. Most organizations can see only the tip of the iceberg: direct dependencies. The larger risk sits below the surface in transitive dependencies, maintainer capacity, end-of-life risk, and the general health of the communities sustaining critical software.
That framing fits this newsletter well because it explains why funding news matters. Grants, sponsorships, and endowments are not just nice signals. They are part of whether important projects remain maintainable, secure, and governable over time.
The article also ties familiar incidents such as Heartbleed, left-pad, Log4j, core-js, and XZ Utils to broader stewardship failures. That makes it a useful lens for evaluating which funding announcements are genuinely meaningful and which are mostly surface-level.
Source: Open Source and the Iceberg Theory — ACM Queue
Three takeaways from issue #1
Security funding is still the easiest place to find large open source grants. The OpenSSF and GitHub announcements both reinforce that.
Project-level posts matter. Keycloak and evcc are valuable because they show how high-level funding programs reach actual open source teams.
The strongest long-term signals are around institutions and commons. Python, NLnet, Open VSX, the Open Source Endowment, and the stewardship concerns raised in the ACM Queue article all point toward support for shared infrastructure rather than one-off product stories.
For future issues, we'll bias the main roundup toward foundations, maintainers, registries, public-interest projects, and directly funded open source work, while also including the occasional article that helps explain the deeper economics and stewardship problems underneath the news.