cdxgen and CycloneDX .NET Join GitHub Secure Open Source Fund
Summary
Two key open-source projects, cdxgen and CycloneDX .NET, have been selected for the GitHub Secure Open Source Fund (SOSF). The program provides funding, tools, training, and expert support to strengthen the security of critical open-source dependencies that software supply chains rely on. Participation will help these projects improve their security processes, including incident response, CI/CD pipeline security, and threat modeling.
IFF Assessment
The article details participation in a program designed to improve the security of open-source software, which is beneficial for defenders relying on these components.
Defender Context
The inclusion of cdxgen and CycloneDX .NET in the GitHub Secure Open Source Fund is a positive development for software supply chain security. Defenders who depend on these tools should track such efforts, because hardening foundational components directly reduces the risk of vulnerabilities and exploits originating in widely used libraries and tools.