Welcome!
Through Alpha-Omega, we aim to meaningfully improve the security of the open source software projects that we all depend so deeply upon.
Alpha will work with the maintainers of the most critical open source projects to help them identify and fix security vulnerabilities, and improve their security posture.
Omega will identify at least 10,000 widely deployed OSS projects where it can apply automated security analysis, scoring, and remediation guidance to their open source maintainer communities.
To learn more, view the Alpha-Omega home page or watch our kickoff webinar video below:
We have active engagements with the following projects:
For more information on Alpha, see alpha/README.md.
Through Omega, we identify security issues in the top 10,000 (or more) most-critical open source projects. We do this through engineering and expert analysis.
We're currently hiring! If you're interested in joining our team, please see our job posting for a Security Researcher.
The Omega project is still getting started, stay tuned for more information, or learn more at omega/README.md.
We usually meet on the first Wednesday of each month at 1:00pm PT. You can find the meeting invite link on the OpenSSF Community Calendar.
The CHARTER.md outlines the scope and governance of this project's activities.
The Alpha-Omega core team members include:
- Michael Scovetta (Microsoft)
- Bob Callaway (Google)
- Yesenia Yser (Alpha-Omega)
- Jonathan Leitschuh (Alpha-Omega)
- Annapurna Veeramachaneni (Citi)
- Brian Behlendorf (OpenSSF)
We're grateful to the Linux Foundation and OpenSSF for providing additional support, including:
- David A. Wheeler
- Michelle Martineau
- Jennifer Bly
- Khahil White
The three components and good starting points of Omega Toolchain are the following:
You can get involved by engaging with us in various ways:
- Slack: We watch the #alpha_omega Slack channel.
- Monthly Meeting: Come and talk to us directly.
- Mailing List: Join the alpha-omega-announcements mailing list to be notified of upcoming developments.
- Contact Us: Let us know you'd like to get involved.