I’m moving away from using products by big tech and I recently started using EnteAuth for 2FA. Today I got an email from them saying that they received money as part of GitHub’s secure open source fund. Maybe I’m just being paranoid but I do not like this at all. Microsoft is not altruistic I don’t care what anyone says. There has to be an ulterior motive for this. With even the recent news that github won’t be so independent anymore and they’re getting folded into the Microsoft umbrella this has me worried. But let’s be real github was never independent just look at copilot being forced down everyone’s throat. That’s why I personally stopped using it.

According to the fund

Throughout this program, each project receives $10,000 USD via GitHub Sponsors (which breaks down to $6,000 USD during the sprint and $2,000 USD at 6- and 12-month security check-ins). Projects are also invited to a new security focused community, and office hours with the GitHub Security Lab, that they can take advantage of during the full 12 months. They also receive security resources to immediately implement in their project and Azure credits for cloud infrastructure.

Those sponsors include

Alfred P. Sloan Foundation, American Express, Chainguard, Datadog, Herodevs, Kraken, Mayfield, Microsoft, Shopify, Stripe, Superbloom, Vercel, Zerodha, 1Password

Projects that are part of this even include nodejs, nvm, log4j, JUnit, and Matplotlib. Taking cybersecurity seriously is great but this just seems like a way to sucker them into their ecosystem to get them dependent on their products. Like I said maybe I’m being paranoid but I wouldn’t be surprise when Microsoft suddenly buys these projects and we lose what made them so great.