|
| 1 | +--- |
| 2 | +title: "scikit-learn completes the GitHub OSS Fund Training" |
| 3 | +date: August 16, 2025 |
| 4 | +categories: |
| 5 | + - Press |
| 6 | +tags: |
| 7 | + - Open Source |
| 8 | +featured-image: /assets/images/posts_images/gh-oss-fund/gh-oss-blog.png |
| 9 | + |
| 10 | +postauthors: |
| 11 | + - name: Reshama Shaikh |
| 12 | + website: https://reshamas.github.io |
| 13 | + image: reshama_shaikh.jpeg |
| 14 | +--- |
| 15 | + |
| 16 | +<div> |
| 17 | + <img src="{{ page.featured-image }}" alt=""> |
| 18 | + {% include postauthor.html %} |
| 19 | +</div> |
| 20 | + |
| 21 | +## Summary |
| 22 | + |
| 23 | +scikit-learn was honored to be selected to participate in Cohort 2 of the GitHub Secure Open Source Fund (OSF) Training Program. Cohort 1 took place earlier in 2025 with 19 projects, and Cohort 2 took place with 52 projects during June 2025. |
| 24 | + |
| 25 | +It was an intense 3-week intense training program, with over 90 open source maintainers joining the training. Read the announcement from GitHub: [Securing the supply chain at scale: Starting with 71 important open source projects](https://github.blog/open-source/maintainers/securing-the-supply-chain-at-scale-starting-with-71-important-open-source-projects) (11-Aug-2025) |
| 26 | + |
| 27 | +<figure> |
| 28 | + <img src="/assets/images/posts_images/gh-oss-fund/gh-oss-blog.png" alt="logos of 15 funding partners" max-width="50%" max-height="50%" /> |
| 29 | + <figcaption> |
| 30 | + Original post: <a href="https://github.blog/open-source/maintainers/securing-the-supply-chain-at-scale-starting-with-71-important-open-source-projects">GH Secure OSS Announcement</a> |
| 31 | + </figcaption> |
| 32 | +</figure> |
| 33 | + |
| 34 | +### GitHub Security Lab |
| 35 | +GitHub has its own security department, and GitHub Security Lab’s mission is to empower developers and secure open source. |
| 36 | +* GitHub Security Lab: [Resources](https://securitylab.github.com/resources-os) |
| 37 | + |
| 38 | +<figure> |
| 39 | + <img src="/assets/images/posts_images/gh-oss-fund/gh-security-lab.png" alt="GitHub Security Lab" max-width="50%" max-height="50%" /> |
| 40 | + <figcaption> |
| 41 | + Original post: <a href="https://github.com/GitHubSecurityLab">GitHub Security Lab</a> |
| 42 | + </figcaption> |
| 43 | +</figure> |
| 44 | + |
| 45 | + |
| 46 | +## Resources for Security Training |
| 47 | +The training provided many trainings by experts in the field. Below we share trainings that are available to the public. |
| 48 | + |
| 49 | +- [Configuring private vulnerability reporting for a repository](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository) |
| 50 | +>Owners and administrators of public repositories can allow security researchers to report vulnerabilities securely in the repository by enabling private vulnerability reporting. |
| 51 | +- [OpenSSF Scorecard](https://securityscorecards.dev) |
| 52 | +- [Secure by design: A UX toolkit](https://microsoft.design/articles/secure-by-design-a-ux-toolkit) |
| 53 | + |
| 54 | +#### CodeQL: From Zero to Hero |
| 55 | +slides: [Finding Vulnerabilities with CodeQL](https://github.com/sylwia-budzynska/2025-soss-codeql-workshop/blob/main/SOSS-CodeQL-slides.pdf) |
| 56 | + |
| 57 | +<figure> |
| 58 | + <img src="/assets/images/posts_images/gh-oss-fund/CodeQL.png" alt="CodeQL audience and topics covered" max-width="50%" max-height="50%" /> |
| 59 | + <figcaption> |
| 60 | + Original post: <a href="https://github.com/sylwia-budzynska/2025-soss-codeql-workshop">GH Secure OSS Announcement</a> |
| 61 | + </figcaption> |
| 62 | +</figure> |
| 63 | + |
| 64 | +#### Developing Secure Software |
| 65 | +Learn the security basics to develop software that is hardened against attacks, and understand how you can reduce the damage and speed the response when a vulnerability is exploited. This course includes specific tips on how to use and develop open source and other software securely. It was developed by the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices. |
| 66 | + |
| 67 | +* Online, Self Paced |
| 68 | +* 16-20 Hours of Course Material |
| 69 | +* Quizzes and Hands-on Labs |
| 70 | + |
| 71 | +<figure> |
| 72 | + <img src="/assets/images/posts_images/gh-oss-fund/dss-lfd121.png" alt="course: Developing Secure Software" max-width="50%" max-height="50%" /> |
| 73 | + <figcaption> |
| 74 | + Original post: <a href="https://training.linuxfoundation.org/training/developing-secure-software-lfd121">LFD121: Developing Secure Software</a> |
| 75 | + </figcaption> |
| 76 | +</figure> |
| 77 | + |
| 78 | +#### OSS-Fuzz |
| 79 | + |
| 80 | +<figure> |
| 81 | + <img src="/assets/images/posts_images/gh-oss-fund/dss-fuzz.png" alt="OSS-Fuzz" max-width="50%" max-height="50%" /> |
| 82 | + <figcaption> |
| 83 | + Original post: <a href="https://github.com/google/oss-fuzz">OSS-Fuzz</a> |
| 84 | + </figcaption> |
| 85 | +</figure> |
| 86 | + |
| 87 | + |
| 88 | +### Secure Code Game |
| 89 | + |
| 90 | +<figure> |
| 91 | + <img src="/assets/images/posts_images/gh-oss-fund/secure-code-game.png" alt="Secure Code Game" max-width="50%" max-height="50%" /> |
| 92 | + <figcaption> |
| 93 | + Original post: <a href="https://github.com/skills/secure-code-game">Secure Code Game</a> |
| 94 | + </figcaption> |
| 95 | +</figure> |
| 96 | + |
| 97 | + |
| 98 | +### References |
| 99 | +- [Securing the supply chain at scale: Starting with 71 important open source projects](https://github.blog/open-source/maintainers/securing-the-supply-chain-at-scale-starting-with-71-important-open-source-projects) (11-Aug-2025) |
| 100 | +- [GitHub Secure Open Source Fund](https://resources.github.com/github-secure-open-source-fund/) |
| 101 | +- [GitHub launches $1.25M open source fund with a focus on security](https://techcrunch.com/2024/11/19/github-launches-1-25m-open-source-fund-with-a-focus-on-security) (November 2024) |
| 102 | +- [Eclipse Foundation Security Policy](https://www.eclipse.org/security/policy) |
| 103 | +- [Linux Foundation Security Policy](https://www.linuxfoundation.org/security) |
| 104 | + |
| 105 | +### Blogs from other open source projects |
| 106 | +- OpenCV: [https://opencv.org/blog/opencvs-participation-in-the-github-secure-open-source-fund](https://opencv.org/blog/opencvs-participation-in-the-github-secure-open-source-fund) |
| 107 | + |
| 108 | +## Acknowledgments |
| 109 | + |
| 110 | +Thank you to the sponsors of the GitHub Secure Open Source Secure Fund. |
| 111 | + |
| 112 | +<figure> |
| 113 | + <img src="/assets/images/posts_images/gh-oss-fund/ghs-oss-funders.png" alt="Sponsors" max-width="50%" max-height="50%" /> |
| 114 | + <figcaption> |
| 115 | + <a href="https://github.blog/open-source/maintainers/securing-the-supply-chain-at-scale-starting-with-71-important-open-source-projects"></a> |
| 116 | + </figcaption> |
| 117 | +</figure> |
| 118 | + |
| 119 | +Thank you to the ecosystem partners of the GitHub Secure Open Source Secure Fund. |
| 120 | + |
| 121 | +<figure> |
| 122 | + <img src="/assets/images/posts_images/gh-oss-fund/ghs-oss-ecosystem.png" alt="Ecosystem Partners" max-width="50%" max-height="50%" /> |
| 123 | + <figcaption> |
| 124 | + <a href="https://github.blog/open-source/maintainers/securing-the-supply-chain-at-scale-starting-with-71-important-open-source-projects"></a> |
| 125 | + </figcaption> |
| 126 | +</figure> |
| 127 | + |
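Review bot: The figcaption at line 60 of the new file links to the CodeQL workshop repository but carries the link text "GH Secure OSS Announcement", apparently copied from the caption at line 30; it should name the workshop instead. The figcaptions at lines 115 and 124 contain an `<a>` element with no link text, so nothing renders there; either add text or drop the empty captions. `max-width` and `max-height` are not attributes of `<img>`, so the sizing on every figure is ignored; put them in a `style` attribute or a CSS class. Wording: line 25 repeats "intense" ("an intense 3-week intense training program"), and lines 110 and 119 read "GitHub Secure Open Source Secure Fund" where line 23 uses "GitHub Secure Open Source Fund". The "OSS-Fuzz" heading (line 78) uses `####` while "Secure Code Game" (line 88) uses `###`, although both appear to be entries under "Resources for Security Training"; line 50 also starts a `>` quote directly after a list item with no blank line or indentation, which may not render as part of that item.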