criddell 16 hours ago

How many open source libraries have auditing budgets?

simonw 16 hours ago | parent | next

I expect we're about to find that it's a lot easier to convince a company to spend money running an AI security scan of their dependencies and sharing the results with the maintainers than it is to have them give those maintainers money directly.

(I just hope they can learn to verify the exploits are valid before sharing them!)

Mordisquitos 16 hours ago | parent | prev

Their commercial users have auditing budgets.

dspillett 16 hours ago | parent

Does your ideal world have an easy path to citizenship?

I might like to live there.

raincole 10 hours ago | parent

> SAN FRANCISCO – March 17, 2026 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced $12.5 million in total grants from Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen the security of the open source software ecosystem.

https://openssf.org/tag/google

"But that's Linux, how do small libraries get an audit budget..." Fortunately, LLMs have eliminated the need to have small libraries in your dependency chain.

techpression 3 hours ago | parent

It’s almost cute how insignificantly small that amount is considering the companies named. Great for The Linux Foundation of course, but it still feels like they are being cheap as heck.