DARPA has launched a $50 million initiative to fund the development and maintenance of critical open source security tools used throughout the technology ecosystem. The program recognizes that much of the world's cybersecurity infrastructure depends on volunteer-maintained open source projects.
Initial funding targets include improvements to OpenSSL, Linux kernel security features, Wireshark, YARA rules, and the OWASP suite of web security tools. The program also funds new projects including AI-powered vulnerability detection and automated patch generation.
The initiative responds to high-profile incidents like the XZ Utils backdoor attempt, which revealed how supply chain attacks can target critical open source infrastructure. By providing dedicated funding, DARPA aims to ensure that foundational security tools are properly maintained and audited.
Selected projects receive multi-year funding for full-time developers, security auditors, and infrastructure costs. The program also supports community building through bug bounties, security competitions, and training programs for new contributors.
The open source security community has responded enthusiastically. "For years, critical security tools have been maintained by volunteers working nights and weekends," says OpenSSL maintainer Mark Cooper. "This funding allows us to do the work properly and at the pace threats demand."
