Announcing the Search for a DSF Executive Director

The Django Software Foundation said six Django agencies pledged $47,500 to fund the foundation's first Executive Director, a paid role intended to expand operations, fundraising, grants, and long-term framework sustainability.

Added: ; Published: ; Source: Djangoproject

Element recognised as a Digital Public Good

Element said the Digital Public Goods Alliance recognized Element as a Digital Public Good, and used the announcement to urge governments relying on Matrix-based open source communications to fund upstream vendors and the Matrix.org Foundation.

Added: ; Published: ; Source: Element

Why is wolfSSL reporting so many CVEs?

wolfSSL explains that AI-driven vulnerability discovery has sharply increased the volume and severity of CVEs it reports per release, while AI slop reports have strained open source maintainers and the CVE system.

Added: ; Published: ; Source: Wolfssl

FreeBSD AI-assisted Vulnerability Discovery Project launch

The FreeBSD Foundation launched a six-month AI-assisted vulnerability discovery project funded by an Alpha-Omega grant, paying FreeBSD Security Team members under fixed-term contracts to find and manually patch exploitable vulnerabilities.

Added: ; Published: ; Source: Freebsdfoundation

An Interview with the Executive Director of The PHP Foundation

Vonage interviewed PHP Foundation executive director Elizabeth Barron about the foundation's work, PHP community sustainability, conference support, and the burden AI-assisted security and coding tools are putting on open source maintainers.

Added: ; Published: ; Source: Vonage

Did AI Just Break Software Security For Ever?

Foojay argues that AI-assisted vulnerability discovery is upsetting the security equilibrium for widely used software, citing curl's AI-generated bug-report burden, Jazzband's burnout, and the need for commercial support or migration plans for end-of-life dependencies.

Added: ; Published: ; Source: Foojay

Linux Finally Ends AppleTalk Protocol Support

Phoronix reports that the Linux kernel is dropping AppleTalk protocol support after maintainers received a surge of AI-generated patches for obsolete networking code that Apple itself stopped supporting years ago.

Added: ; Published: ; Source: Phoronix

Chainguard Launches Athena, the Industry Coalition to Fix Open Source Vulnerabilities Before Attackers Can Find Them

Chainguard and founding members including BNY, Cisco, Cloudflare, Docker, JPMorganChase, Kyndryl, LTIMindtree, and PwC launched Athena, an industry coalition to coordinate AI-era open-source vulnerability findings and fixes, saying it has already processed more than 20,000 findings and generated over 2,000 patches across 500 projects.

Added: ; Published: ; Source: Prnewswire

Making Sure Open Science Stays Open

Issues in Science and Technology discusses the funding and governance needed to keep open research data infrastructure running, including Dryad and Invest in Open Infrastructure's work on open-source systems for research communities.

Added: ; Published: ; Source: Issues

Why AI-Generated Code Is a Security Risk in Open Source Projects

TFiR interviews Linux Foundation research lead Hilary Carter about AI-generated code reintroducing insecure or deprecated code into open-source pull requests, Zephyr's security posture, and upcoming research on generative AI's impact on open-source software security.

Added: ; Published: ; Source: Tfir

We changed how Synergy licensing works

Symless said it revised a May EULA change that required business licenses for any work use, limiting the requirement to licenses bought, reimbursed, deployed, or managed by organizations while emphasizing Synergy's open source core and one-time personal licenses.

Added: ; Published: ; Source: Symless

FOSSUnited Grants

Scrite says it received a ₹3 lakh FOSSUnited grant to support the open-source screenwriting project's operations through 2027, including hosting, software licensing, code-signing certificates, and legal-document review.

Added: ; Published: ; Source: Scrite

Open Publishing, Commercial Scale

Sonatype's Brian Fox argues that public open-source package registries are becoming commercial-scale infrastructure, pointing to Maven Central publishing notifications, OpenSSF sustainability discussions, and paid managed registry models such as Eclipse Open VSX.

Added: ; Published: ; Source: Sonatype

An AI Security Engineer in Residence for the Rust Ecosystem

The Rust Foundation says Alpha-Omega funding will support a full-time AI Security Engineer in Residence to help Rust maintainers review critical crates, validate AI-assisted vulnerability reports, and reduce security triage noise.

Added: ; Published: ; Source: Rust Foundation

67 Open Technology Projects Awarded NGI Zero Grants

NLnet announced 67 grants across the NGI Zero Commons Fund, NGI Taler, and NGI Fediversity programs, supporting open technology projects spanning privacy-preserving payments, hosting, developer tools, and user autonomy.

Added: ; Published: ; Source: Nlnet

Our maintainer delegation for UN Open Source Week

The Sovereign Tech Agency said it is bringing nine open source maintainers to UN Open Source Week 2026 to represent practitioner perspectives in discussions about sustaining and securing critical digital infrastructure.

Added: ; Published: ; Source: Sovereign

Dronecode Welcomes Agam Robotics as a Silver Member

The Dronecode Foundation said Agam Robotics joined as a Silver Member, bringing an India-based maker of open-source-aligned UAV hardware and Pixhawk-standard autopilots into the foundation ecosystem.

Added: ; Published: ; Source: Dronecode

Modrinth joins Spark Universe

The open-source Minecraft mod platform Modrinth says it has joined Spark Universe, while promising to keep the project open source, independent from Essential, and focused on creator monetization.

Added: ; Published: ; Source: Modrinth

AI vulnerability discovery is pushing 2026 CVEs toward 66,000

Help Net Security reports that AI-assisted bug hunting is pushing 2026 CVE forecasts toward 66,000 disclosures, while urgent-patch ratios remain flat and maintainers face a race between faster AI-built exploits, patches, detection signatures, and validation work.

Added: ; Published: ; Source: Helpnetsecurity

Craig McLuckie on Culture as a Team's Operating System in the AI Era

InfoQ interviews Kubernetes co-creator Craig McLuckie about AI coding tools' impact on open-source communities, including maintainer fatigue from AI-generated slop pull requests, the need for stronger review culture, and how engineering teams should treat culture as an operating system.

Added: ; Published: ; Source: Infoq

A human in control

Daniel Stenberg says curl will remain human-led despite AI coding tools, requiring human review and ownership for every merge and arguing that long-term maintainability, project knowledge, and human communication matter more than faster code generation.

Added: ; Published: ; Source: Haxx

Chainguard Launches Athena, the Industry Coalition to Fix Open Source Vulnerabilities Before Attackers Can Find Them

Chainguard announced Athena, an industry coalition with BNY, Cisco, Cloudflare, Docker, JPMorganChase, PwC, and others to coordinate discovery, pre-embargo remediation, and patch publication for open-source vulnerabilities found by AI and security researchers, saying it has processed more than 20,000 findings and generated over 2,000 patches.

Added: ; Published: ; Source: Yahoo

FreeBSD Receives Funding To Launch AI-Assisted Vulnerability Discovery

Phoronix reports that the FreeBSD Project launched an AI-Assisted Vulnerability Discovery Project with grant funding from the Linux Foundation-backed Alpha-Omega project to find and report vulnerabilities in FreeBSD and open-source components.

Added: ; Published: ; Source: Phoronix

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

The Hacker News reports on Tenet Security's Agentjacking attack, where malicious Sentry error reports in the open-source monitoring platform can steer AI coding agents into running attacker-controlled commands on developer machines, exposing another workflow risk for agent-assisted software maintenance.

Added: ; Published: ; Source: Thehackernews

Improving Arm64 support in CNCF projects with OCI credits

CNCF says the Oracle Cloud Infrastructure credits pool is funding Arm64 CI and build work across cloud-native projects, including maintainers receiving compute support to improve multi-architecture testing and reduce infrastructure costs.

Added: ; Published: ; Source: CNCF

When code costs nothing to produce, how do you review it all?

Laurie Voss argues that AI coding agents have collapsed the cost of producing plausible code while leaving human review as the bottleneck, citing research on GitHub developers and METR tests where open-source maintainers said they would reject about half of agent-generated pull requests that passed automated benchmark checks.

Added: ; Published: ; Source: Linkedin

Curl will not accept vulnerability reports during July 2026

Daniel Stenberg says the curl project will pause HackerOne and security-email vulnerability intake for July 2026 so maintainers can recover from months of unusually heavy report pressure, while paid support customers will still receive service and the next curl release is pushed back two weeks.

Added: ; Published: ; Source: Haxx

Snowplow Limited Use License FAQ

Snowplow says it is moving new versions of core pipeline components and dbt models from Apache 2.0 to a source-available Limited Use License that permits source access, modification, and non-production or non-commercial use, but bars production deployment and competing SaaS or on-prem offerings unless users pay.

Added: ; Published: ; Source: Snowplow

NanoClaw now armed with JFrog for safer packages

The Register reports that the open-source NanoClaw AI-agent framework integrated with JFrog's vetted registries so agents can fetch packages from reviewed sources, while NanoCo also built a human-approved PR Factory to triage the surge of AI-generated contributions to the project.

Added: ; Published: ; Source: The Register

AI is code – and can't be prompted into being smarter

The Register argues that AI coding agents behave like software that will ingest untrusted instructions, connecting the jqwik maintainer's anti-AI output warnings with Shai-Hulud-style supply-chain attacks and the broader risk that bots can be manipulated through open-source project text and build artifacts.

Added: ; Published: ; Source: The Register

Announcement: Unleash open source moves to AGPLv3

Unleash's June 9 release notes say Unleash v8 moves the primary GitHub repository and unleash-server npm package from Apache 2.0 to AGPLv3, while official Docker images and SDKs remain under permissive terms and commercial SaaS modifiers are directed to a commercial license.

Added: ; Published: ; Source: Getunleash

Google's Open Source Strategy in the AI Era

ECI Research reports on Google's OSPO strategy, including foundation-governed AI protocols, upstream security investment through OpenSSF Alpha-Omega, and guidance to respect maintainer policies on AI-generated contributions as open source governance and sustainability pressures grow.

Added: ; Published: ; Source: Efficientlyconnected

Bambuddy Says Bye To Bambu Lab Cloud Services

Hackaday covers Bambuddy, an open-source self-hosted alternative to Bambu Lab's cloud printer services that uses LAN-only and developer modes to keep slicing, printing, and monitoring local, presenting it as a response to Bambu's cloud dependency, AGPLv3 violations, and heavy-handed legal behavior.

Added: ; Published: ; Source: Hackaday

GitHub availability report: May 2026

GitHub says rapidly growing traffic from AI-assisted and agentic development workflows is driving infrastructure changes, while its May incident report details disruptions to pull requests, Actions, Copilot code review, and Copilot coding-agent sessions across the open-source development platform.

Added: ; Published: ; Source: GitHub Blog

Kickbacks.ai: ads in the Claude Code spinner — anatomy of a land grab with no lease

Go To Agency analyzes Kickbacks.ai, an extension that replaces Claude Code's spinner with auctioned ads and promises developers half the revenue, arguing that the monetization play echoes the npm terminal-ad backlash while introducing supply-chain risk through bundle patching, weakened CSP, and unsigned auto-updates.

Added: ; Published: ; Source: Go To Agency

The Shift in OSS Strategy Driven by the Challenge of Long-Term Maintenance

The Civil Infrastructure Platform describes how Renesas moved from consuming embedded Linux to collaborating through the Linux Foundation-hosted CIP project, saying industrial systems with 10- to 20-year lifecycles require shared long-term maintenance, upstreaming, and ecosystem participation rather than one-off vendor support.

Added: ; Published: ; Source: Cip Project

AI Is Here to Stay. The Real Challenge Is Operating It Securely

Thierry Carrez writes that AI-generated code is already landing in OpenStack and other open-source projects, arguing that maintainers need secure operating practices, human review, provenance, and automated gates as generated patches increase.

Added: ; Published: ; Source: Devops

AI Reshapes Bug Bounties but Humans Still Matter

Bank Info Security reports that AI-assisted vulnerability research is increasing submissions across open-source and commercial bug bounty programs, while the Internet Bug Bounty pause and GitHub payout changes show ongoing funding, triage, and human validation pressure.

Added: ; Published: ; Source: Bankinfosecurity

A Vibe-Coded Customer Issue Dashboard

DoltHub says AI agents now file pull requests instead of traditional issues against the open-source Dolt database, prompting the maintainers to build a dashboard that tracks agent-reported problems, customer impact, and support workflow changes for a growing cyborg user base.

Added: ; Published: ; Source: Dolthub

AI agents are increasingly writing open source software code

AI World reports that pull requests with AI agents such as Claude Code or Codex listed as co-authors rose from 2% to 10% across one million critical open-source repositories between October 2025 and May 2026, while maintainers face new review pressure from agent-written code, malicious attacks, and invalid bug reports.

Added: ; Published: ; Source: Aiworld

Codex for Open Source

OpenAI opened applications for Codex for Open Source, a program for maintainers of active, widely used open-source projects that offers selected maintainers six months of ChatGPT Pro, possible Codex Security access, and API credits for coding, review, automation, release, and core OSS work.

Added: ; Published: ; Source: Openai

Vim Classic 8.3 Launched as an AI-Free Vim Fork

Slashdot reports on Vim Classic 8.3, a long-term-support fork of Vim maintained without generative AI tools after Drew DeVault objected to LLM-assisted development in Vim and Neovim, making the fork part of the wider debate over AI use in open-source maintenance.

Added: ; Published: ; Source: Slashdot

Fossorial commercial license

Fossorial's Pangolin license page describes a commercial license for its open-source remote-access platform, saying licensed materials can supersede prior AGPLv3 terms, paid features require a license key, and commercial use above the personal tier requires an enterprise license.

Added: ; Published: ; Source: Pangolin

Why We Removed FluentAssertions from Akka.NET

Petabridge explains why Akka.NET removed FluentAssertions as a transitive TestKit dependency after FluentAssertions moved from MIT licensing to a commercial model, arguing that Akka.NET should remain permissionless to use while users can still choose a direct FluentAssertions dependency.

Added: ; Published: ; Source: Petabridge

Intel Ending Development Of BigDL: An Open-Source AI/LLM Effort Getting Axed

Phoronix reports that Intel is ending development of BigDL, an open-source AI/LLM project for running large language models across Intel XPUs, as part of ongoing open-source cutbacks, corporate restructuring, and cost cutting, with users pointed toward OpenVINO and related alternatives.

Added: ; Published: ; Source: Phoronix

TensorZero repository archived after $7.3M seed funding announcement

The TensorZero GitHub repository for an Apache-2.0 open-source LLMOps platform was archived by the owner on June 12 and is now read-only, shortly after the project promoted a $7.3 million seed round to build an open-source stack for LLM applications.

Added: ; Published: ; Source: Github

Please Do Not Ban AI-Assisted Issue Reports

GNOME developer Michael Catanzaro argues against blanket bans on AI-assisted issue reports, saying current policies across GNOME projects conflate low-quality spam with useful translated or AI-assisted bug reports and should focus on report quality rather than whether an LLM was involved.

Added: ; Published: ; Source: GNOME Foundation

Is Conda actually free?

PyDevTools explains that the BSD-licensed conda package manager remains free while Anaconda's default package repository has commercial terms for organizations above 200 employees or contractors, including nonprofits and government agencies, urging users to switch to conda-forge or Miniforge to avoid licensing surprises.

Added: ; Published: ; Source: Pydevtools

Commit to freedom

The Free Software Foundation opened its summer appeal for associate members and donations, asking supporters to fund its advocacy, licensing, and community work for user freedom and free software.

Added: ; Published: ; Source: Fsf

Twenty One Zero-Days in FFmpeg

Depthfirst says its production autonomous security agent found 21 zero-day vulnerabilities in FFmpeg after recent Google and Anthropic AI-assisted scans, including reproducible proof-of-concept inputs, assigned CVEs, and analysis of exploitability in the widely deployed open-source media stack.

Added: ; Published: ; Source: Depthfirst

I Am Not a Reverse Centaur

Miguel Grinberg says he will no longer accept unsolicited pull requests on his open-source projects after a surge of LLM-generated drive-by contributions, arguing that maintainers are being pushed into unpaid review of machine-produced code they did not ask for.

Added: ; Published: ; Source: Miguelgrinberg

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

The Hacker News reports that three patched vulnerabilities in the open-source LangGraph AI-agent framework could be chained in self-hosted deployments to move from SQL injection to unsafe deserialization and remote code execution, highlighting governance and security pressure on agent infrastructure.

Added: ; Published: ; Source: Thehackernews

BOLT Security Engagement Complete!

OSTIF reported completion of Sovereign Tech Agency-supported security work on LLVM's open-source BOLT binary scanner, with Quarkslab extending compiler-flag coverage, implementing a custom scanner, and publishing documentation and an audit report.

Added: ; Published: ; Source: Ostif

Improving Scala's docs and website

The Scala team described documentation and website work funded through the Sovereign Tech Agency investment, including standard-library Scaladoc improvements, compiler-checked examples, documentation backlog reduction, and updated Scala 3 language references.

Added: ; Published: ; Source: Scala Lang

NSF investing in secure open-source ecosystems

The U.S. National Science Foundation announced up to $40 million for its Pathways to Enable Secure Open-Source Ecosystems initiative, funding organizations that grow sustainable ecosystems around existing open-source products and improve security and privacy in those ecosystems.

Added: ; Published: ; Source: Nsf

TYPO3 Association Joins the Open Regulatory Compliance Working Group

The TYPO3 Association says it joined the Eclipse Foundation-hosted Open Regulatory Compliance Working Group to collaborate with other open-source foundations, vendors, researchers, and industry stakeholders on practical Cyber Resilience Act readiness for open-source stewards.

Added: ; Published: ; Source: Typo3

Transitioning from NGI to Open Internet Stack — open calls temporarily paused

NLnet says it is temporarily pausing most open calls while it reviews a decade of Next Generation Internet work and prepares three new Open Internet Stack programmes after the summer; ongoing projects continue, with only NGI Taler and NGI Fediversity pilot proposals accepted during the pause.

Added: ; Published: ; Source: Nlnet

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

The Hacker News reports that separate Imperva and Varonis research found OpenClaw agents could be manipulated through hidden contact, vCard, location, email, and prompt-injection inputs to execute attacker-controlled actions or leak synthetic credentials and customer data, illustrating open-source agent security and governance risks.

Added: ; Published: ; Source: Thehackernews

A Commons of Software Productive Infrastructure, by and for Capital

Gnuxie argues that open source has long functioned as productive infrastructure for capital, challenging sustainable-open-source narratives that treat corporate free use as an aberration and tracing how funding, foundations, and maintainer labor are shaped by business demand rather than end-user freedom.

Added: ; Published: ; Source: Marewolf

A-Team Systems Joins the Open Source Security Foundation

A-Team Systems announced it joined the Open Source Security Foundation, extending its Linux Foundation membership and backing OpenSSF work on software supply-chain security, vulnerability disclosure, SBOM tooling, developer best practices, security education, and secure production Linux and open source infrastructure.

Added: ; Published: ; Source: Ateamsystems

Euro-Office’s Break From OnlyOffice Faces Fresh Questions

Open Source For You reports that Cybernews analysis found Euro-Office remains heavily dependent on Russian-origin OnlyOffice code despite its split from OnlyOffice, raising open-source supply-chain, provenance, transparency, security, and digital-sovereignty questions around the European office-suite fork.

Added: ; Published: ; Source: Opensourceforu

AISLE Snapshot brings AI vulnerability scanning on premises

The Next Web reports that AISLE launched an on-premises AI vulnerability scanner after claiming to have found more than 225 CVEs, including all 12 OpenSSL zero-days in January 2026, underscoring continued AI-assisted vulnerability-discovery pressure on core open-source infrastructure.

Added: ; Published: ; Source: Thenextweb

Integrating Community Feedback into Foundation Strategy Part 2

The PHP Foundation says fundraising and sustainability are its most consequential 2026 operational priorities, with plans for sponsor research, revised benefits, a $40,000 fundraising initiative, cross-ecosystem funding work, and a $700,000-plus annual fundraising target.

Added: ; Published: ; Source: Thephp

On the Two Sides and the Spectrum That Is Open Source Maintenance

Jens Oliver Meiert argues that open-source maintenance sits on a spectrum shaped by project popularity, staffing, and funding, with maintainers and users both facing tradeoffs as projects add more process to manage issue-reporting load.

Added: ; Published: ; Source: Meiert

Program management update — May 2026

Rust's program management update says the Rust Foundation Maintainer Fund RFC has been merged and the foundation will begin raising money dedicated to maintenance work such as review, triage, large-scale refactoring, and unblocking new features.

Added: ; Published: ; Source: Rust Lang

The EU Cloud and AI Development Act in Depth

Inside Global Tech analyzes the European Commission's Cloud and AI Development Act proposal, noting that it would codify an 'open source first' principle for EU public bodies, require reusable public-sector software through an EU catalogue, and create an OSPO network aligned with the EU Open Source Strategy.

Added: ; Published: ; Source: Insideglobaltech

Euro-Office, open standards, and native ODF

The Document Foundation welcomed Euro-Office's attention to open standards while disputing claims that it is Europe's first open-source office suite and arguing that true digital sovereignty requires ODF as the suite's native document format, not merely an import/export option.

Added: ; Published: ; Source: Documentfoundation

Snapmaker commits $150,000 to fund community projects behind the U1

VoxelMatters reports that Snapmaker launched a $150,000 Innovation Fund for the open-source U1 3D printer ecosystem, pairing $50,000 in pre-selected sponsorships for open-source developers with a $100,000 global maker competition for hardware and software projects.

Added: ; Published: ; Source: Voxelmatters

Fedora Account Compromise Raises AI Agent Supply Chain Concerns

Linuxiac reports that Fedora is investigating suspicious contributor-account activity after an alleged compromise led to inaccurate, AI-like actions across Fedora Bugzilla and related upstream projects, including reverted Anaconda patches and maintainer warnings about unsupervised AI agents.

Added: ; Published: ; Source: Linuxiac

The Open Source Maturity Spectrum

RedMonk's Stephen O'Grady maps how vendors move from unavoidable open-source consumption toward contribution, foundations, and strategic embrace, emphasizing that open source offers distribution and community while creating monetization and business-model tradeoffs.

Added: ; Published: ; Source: Redmonk

Meet the new Sovereign Tech Fellows

Sovereign Tech announced its 2026 Fellowship cohort, expanding a program that gives 14 maintainers, community managers, and technical writers flexible support to work on critical open source infrastructure across Rust, Python, security, sustainability, and community health.

Added: ; Published: ; Source: Sovereign

DSF 2026 Fundraising Goals

The Django Software Foundation says it is raising its annual fundraising goal from $300,000 to $500,000 to sustain the Django Fellows program, maintain infrastructure and legal protections, support events and community grants, and work toward hiring an executive director.

Added: ; Published: ; Source: Djangoproject

Gaslighting Openness

Armin Ronacher argues that companies are reframing open access to devices, data, and AI systems as a safety threat, warning that open-source values are being stressed by AI-generated code, changing contributor dynamics, licensing limits, and platforms closing doors behind them.

Added: ; Published: ; Source: Pocoo

The Jqwik Anti-AI Affair

Jqwik maintainer Johannes Link explains the backlash after he added anti-AI-agent language to the open-source property-testing project's logging output, describing it as self-defense against agent use after unpaid maintenance stalled and noting the ensuing GitHub issues, legal threats, and Maven Central removal request.

Added: ; Published: ; Source: Johanneslink