Create initial Q2 update for Alpha-Omega. #491

Merged: 3 commits, Jun 16, 2025
64 changes: 64 additions & 0 deletions TI-reports/2025/2025-Q2-Alpha-Omega.md
@@ -0,0 +1,64 @@
# 2025 Q2 Alpha-Omega

## Overview

Alpha-Omega is fully funded for 2025, with each stakeholder renewing their commitment to our mission - thank you to Amazon, Google, Microsoft, and to our newest (and first!) general member, Citi. We continue to have a healthy pipeline of potential engagements and are thankful for the terrific community that supports and drives our mission.

We recently approved funding for a RubyGems infrastructure hardening, porting [Capslock](https://github.com/google/capslock) to Rust, and implementing trusted publishing for Rust Crates. We're reviewing a handful of proposals for additional funding.

We continue to meet and iterate on the concept of the Open Source Corps of Security Engineers and will be focusing more on package manager sustainability work in the second half of this calendar year.

## Recent Events / News / Blogs / Etc.

* [Strengthening Rust Security with Alpha-Omega: A Progress Update](https://alpha-omega.dev/blog/strengthening-rust-security-with-alpha-omega-a-progress-update/)
* [Reviewing another year of security partnership between the PSF & Alpha-Omega (Sponsor: Alpha-Omega)](https://www.youtube.com/watch?v=ZbHzU72r3mY)
* [Airflow Beach Cleaning - Supply Chain Security with Community in Mind](https://www.youtube.com/watch?v=BXkrkneY2-g)
* [The OpenJS Foundation is now a CVE Numbering Authority (CNA)](https://openjsf.org/blog/openjs-foundation-cna)
* [OpenJS Security Update: March–April 2025](https://openjsf.org/blog/openjs-security-update-marchapril-25)
* [Sneak peek: A new ASN.1 API for Python](https://blog.trailofbits.com/2025/04/18/sneak-peek-a-new-asn.1-api-for-python/)
* [LLMs can't stop making up software dependencies and sabotaging everything](https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/)

## Upcoming Events

* We're partnering with [Sovereign Tech Agency](https://www.sovereign.tech/) to run an all-day Maintain-a-thon at [UN Open Source Week](https://www.un.org/digital-emerging-technologies/content/open-source-week-2025)
* Alpha-Omega Q2 Roundtable Open Source Summit North America
* Alpha-Omega Public Meeting - July 2, 2025 -- **please join us - it's on the OpenSSF public calendar**

## Objectives & Key Results

| **Objective #1: Catalyze trustworthy and secure software, runtimes, and infrastructure for all the major open source ecosystems through staffing** | |
|-|-|
| **KR1.1**: Fund security improvements and initiatives for at least ten critical open source organizations by the end of 2025. | On Target |
| **KR 1.2**: For each engagement, confirm progress toward improved security outcomes, evidenced through initial and/or follow-on assessments, monthly reporting, and periodic check-ins. | In Progress |
| **KR 1.3**: Drive the organizations we work with to obtain security funding from at least one organization other than Alpha-Omega, targeting 33% by the end of 2025. | In Progress |
| **KR 1.4**: Organize quarterly roundtables for at least 5 major ecosystems to share information, build connections, and collaborate, resulting in at least one new project or joint publication started in 2025. | Started |
| **KR1.5**: Scaling adoption, consumption, value of OSS Security projects, getting to sustainability tipping points. | In Progress |
|-|-|
| **Objective #2: The top 10,000 open source projects are free of critical security vulnerabilities** | |
| **KR2.1**: Create and collect open data sets of security-related data for open source projects to make the development of scaled security tooling easier and to make the results more consistent. | Started |
| **KR2.2**: Expand the "beach cleaning" approach to at least 3 new projects and develop tooling and playbooks to make it easier and cheaper to do for any project | Started |
| **KR2.3**: Create an open source "Corps of Engineers" group of security expert engineers who can work within and across their communities to provide security guidance to smaller projects in times of crisis. | In Progress |
|-|-|
| **Objective #3: Enhance Alpha-Omega's effectiveness in innovation, experimentation, and marketing** | |
| **KR3.1**: By the end of 2025, run three experiments to explore new strategies for reducing security risk within the open source ecosystems, share the results/ learnings, using them to refine our overall strategy and objectives for 2026. | Not Started |
| **KR3.2**: More active internal marketing to stakeholders targeted at specific teams through infographics and marketing assets. | Started |
| **KR3.3**: Continue our progress from 2024 on auditing and improving the security of the top open source AI libraries by developing guidance for organizations that use them to do so securely. | On Target |
|-|-|
| **Objective #4: Run an operationally efficient, growing, and effective program** | |
| **KR4.1**: Allocate at least 85% of our yearly spend to activities directly in support of our mission. | On Target |
| **KR4.2**: Receive at least $5 million in renewed funding in 2025. | Completed |
| **KR4.3**: For each partner engagement, at least 70% of the objectives defined within the respective agreement are met within the defined time period. | In Progress |
| **KR4.4**: Develop and deliver quarterly reports. Increase engagement/interest across stakeholders, grant recipients, and other target orgs. | On Target |
| **KR4.5**: Jointly fund 3-5 engagements in partnership with other organizations (e.g. Sovereign Tech Agency). | In Progress |

## Reporting

Our next quarterly report will be published next month at [monthly](https://alpha-omega.dev/resources/reports/).

### Questions/Issues for the TAC

None at this time

## Additional Information

N/A
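
Review bot: In the Objectives & Key Results table, the `|-|-|` rows placed before Objective #2, #3 and #4 follow the table's single delimiter row, so GitHub-flavored Markdown will render them as body rows containing a literal dash rather than as separators; drop them, or split the table into one table per objective, each with its own header and delimiter row. In the Reporting section, the link text `[monthly]` sits in a sentence about the next quarterly report, so the link text should describe the reports page it points to. Minor consistency points: the KR labels alternate between `KR1.1` and `KR 1.2` / `KR 1.3` / `KR 1.4`, and the Upcoming Events bullet "Alpha-Omega Q2 Roundtable Open Source Summit North America" reads as if a connecting "at" is missing and, unlike the public meeting bullet, gives no date.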