Open Source: Sovereign Tech Agency investiert 500.000 Euro in Eclipse Foundation
The Sovereign Tech Agency is funding the Eclipse Foundation with over 500,000 euros. The money will be used for software parts lists & vulnerability management.
(Image: Imilian/Shutterstock.com)
The Sovereign Tech Agency has announced investments in the Eclipse Foundation. A total of around 515,000 euros is to flow into the project by the end of the year. The amount is intended to help expand the project infrastructure and security and is earmarked for two initiatives. On the one hand, software supply chains are to be created within the Eclipse Foundation, and on the other, the introduction of improved vulnerability management is planned.
Security training for developers planned
In future, software bill of materials (SBOM) are to be integrated into the build pipelines of the individual projects within the Eclipse Foundation. The funding from the Sovereign Tech Agency will be used to identify suitable SBOM tools, update build processes and create a central SBOM registry for all Eclipse projects. Furthermore, support for SBOM generation is planned for all products of the integrated development environment (IDE). This should ensure that all users of the IDE can create SBOMs for their projects.
The Eclipse Foundation is planning continuous vulnerability monitoring. This is intended to detect problems in project dependencies, even after the software has been released. The money will flow into training courses for developers and maintainers, in which they will learn useful methods for analyzing and eliminating vulnerabilities. Investments in applications such as vulnerability scanners and management platforms are also planned in order to automatically manage security risks in Eclipse Foundation projects.
The Sovereign Tech Agency emerged from the federal government's Sovereign Tech Fund and is intended to promote the development of open source technologies in the public interest. The agency supports the Eclipse Foundation because its open source technologies based on the Java programming language are used in numerous industries and also operate safety-critical applications such as power grid control. This year, the Open Tech Agency has a budget of 29 million euros from the federal budget at its disposal.
(sfe)
