The Linux Foundation and other companies are putting in millions to help secure open-source software we all rely on


Once your project is approved, progress reports are made approximately once a month. These must include:

A stable URL of a publicly accessible post (e.g., a blog or archived mailing list post) describing what you did that month.
> The post must briefly describe what has been accomplished using the funding since the last invoice. > Include its date and hyperlinks to details. If git commits were involved, include hyperlinks to them. Make it easy for technical people to learn details (e.g., via hyperlinks).
Also briefly describe why this work is important or link to such description(s), for someone who is not intimately familiar with it. Some readers may see your post out of context.
> Give credit, similar to National Public Radio. (e.g., "This work to <X> was [partially] funded by the OpenSSF, Google, and The Linux Foundation.") Thanking others is always polite. We also want people to consider funding OSS security as normal.
> Publicly provide an identifier (a personal name, pseudonym, or project name) of who's doing the work. This simplifies referring to the work. You do not need to reveal your personal name(s) publicly, though you're welcome to do so.

This is a hugely important development in the security side of things.