Alpha-Omega: What We've Learned From Funding Open Source Security Over the Past 3 Years, What's Ahead

CVE/FIRST VulnCon 2025 · Main Stage

In this VulnCon talk, Michael Winser, co-founder of Alpha-Omega, a project under the Linux Foundation, shares insights from three years of dedicated efforts to bolster open-source software security. Alpha-Omega was co-founded by Google and Microsoft and later joined by Amazon and Citi. Its mission extends beyond mere funding: it aims to catalyze sustainable change within open-source ecosystems. Winser's presentation covers the triumphs, challenges, and evolving strategies Alpha-Omega has employed to address the pervasive security vulnerabilities in the digital supply chain.

AI review

Michael Winser delivers a candid, experience-grounded retrospective on three years of Alpha-Omega's open source security funding program. This is a strategic/operational case study, not a technical research drop — and judged on those terms, it earns its slot. The talk has genuine intellectual honesty: Winser admits early assumptions were wrong, explains why broad static analysis failed, and articulates a coherent evolved strategy. The 'Security Engineer in Residence' model, the 'fix, fork, or forgo' framework, and the cross-ecosystem trusted publishing collaboration are real, transferable…
