Alpha-Omega status update, 2025 Q1 #457

Merged (4 commits) on Mar 31, 2025
59 changes: 59 additions & 0 deletions TI-reports/2025/2025-Q1-Alpha-Omega.md
@@ -0,0 +1,59 @@
# 2025 Q1 Alpha-Omega

## Overview

Alpha-Omega enters 2025 with renewed funding from Google and Amazon, a healthy pipeline of potential engagements, and updated OKRs to guide and focus on our investments. We're thankful to have such an engaging security community around us and we're looking forward to seeing their accomplishments this year.

## Recent Events / News / Blogs / Etc.

* [What's in the SOSS? Podcast #21 – Alpha-Omega's Michael Winser and Catalyzing Sustainable Improvements in Open Source Security](https://openssf.org/podcast/2024/12/10/whats-in-the-soss-podcast-21-alpha-omegas-michael-winser-and-catalyzing-sustainable-improvements-in-open-source-security/) (CRob, Michael Winser [Alpha-Omega])
* FOSDEM: [How FreeBSD security audits have improved our security culture](https://fosdem.org/2025/schedule/event/fosdem-2025-6152-how-freebsd-security-audits-have-improved-our-security-culture/) (Pierre Pronchery [FreeBSD], Michael Winser [Alpha-Omega])
* FOSDEM: [Funding FOSS together: Combining public and private efforts](https://fosdem.org/2025/schedule/event/fosdem-2025-5279-funding-foss-together-combining-public-and-private-efforts/) (Mirko Swillus [Sovereign Tech Fund], Michael Winser [Alpha-Omega])
* FOSDEM: [Airflow Beach Cleaning - Securing Supply Chain](https://fosdem.org/2025/schedule/event/fosdem-2025-4594-airflow-beach-cleaning-securing-supply-chain/) (Jarek Potiuk [Apache], Munawar Hafiz [OpenRefactory], Michael Winser [Alpha-Omega])
* [An Overview of Cyber Security Funding for Open Source Software](https://arxiv.org/pdf/2412.05887) (Jukka Ruohonen, Gaurav Choudharya, Adam Alami [University of Southern Denmark]


## Upcoming Events

* VulnCon: **Airflow Beach Cleaning - Supply Chain Security with Community in Mind** (Jarek Potiuk [Apache], Michael Winser [Alpha-Omega])
* VulnCon: **Alpha-Omega: What We've Learned From Funding Open Source Security Over the Past 3 Years, What's Ahead** (Michael Winser [Alpha-Omega])
* Alpha-Omega Public Meeting - April 2, 2025 -- **please join us!**

## Objectives & Key Results

| **Objective #1: Catalyze trustworthy and secure software, runtimes, and infrastructure for all the major open source ecosystems through staffing** | |
|-|-|
| **KR1.1**: Fund security improvements and initiatives for at least ten critical open source organizations by the end of 2025. | On Target |
| **KR 1.2**: For each engagement, confirm progress toward improved security outcomes, evidenced through initial and/or follow-on assessments, monthly reporting, and periodic check-ins. | In Progress |
| **KR 1.3**: Drive the organizations we work with to obtain security funding from at least one organization other than Alpha-Omega, targeting 33% by the end of 2025. | Started |
| **KR 1.4**: Organize quarterly roundtables for at least 5 major ecosystems to share information, build connections, and collaborate, resulting in at least one new project or joint publication started in 2025. | Started |
| **KR1.5**: Scaling adoption, consumption, value of OSS Security projects, Getting to sustainability tipping points. | In Progress |
|-|-|
| **Objective #2: The top 10,000 open source projects are free of critical security vulnerabilities** | |
| **KR2.1**: Create and collect open data sets of security-related data for open source projects to make the development of scaled security tooling easier and to make the results more consistent. | Started |
| **KR2.2**: Expand the "beach cleaning" approach to at least 3 new projects and develop tooling and playbooks to make it easier and cheaper to do for any project | Not Started |
| **KR2.3**: Create an open source "Corps of Engineers" group of security expert engineers who can work within and across their communities to provide security guidance to smaller projects in times of crisis. | Started |
|-|-|
| **Objective #3: Enhance Alpha-Omega's effectiveness in innovation, experimentation, and marketing** | |
| **KR3.1**: By the end of 2025, run three experiments to explore new strategies for reducing security risk within the open source ecosystems, share the results/ learnings, using them to refine our overall strategy and objectives for 2026. | Not Started |
| **KR3.2**: More active internal marketing to stakeholders targeted at specific teams through infographics and marketing assets. | Started |
| **KR3.3**: Continue our progress from 2024 on auditing and improving the security of the top open source AI libraries by developing guidance for organizations that use them to do so securely. | On Target |
|-|-|
| **Objective #4: Run an operationally efficient, growing, and effective program** | |
| **KR4.1**: Allocate at least 85% of our yearly spend to activities directly in support of our mission. | On Target |
| **KR4.2**: Receive at least $5 million in renewed funding in 2025. | Completed |
| **KR4.3**: For each partner engagement, at least 70% of the objectives defined within the respective agreement are met within the defined time period. | In Progress |
| **KR4.4**: Develop and deliver quarterly reports. Increase engagement/interest across stakeholders, grant recipients, and other target orgs. | On Target |
| **KR4.5**: Jointly fund 3-5 engagements in partnership with other organizations (e.g. Sovereign Tech Agency). | Started |

## Reporting

We published our [annual report](https://alpha-omega.dev/wp-content/uploads/sites/22/2025/01/Alpha-Omega-Annual-Report-2024_012925.pdf) and [impact/outcomes report](https://alpha-omega.dev/wp-content/uploads/sites/22/2025/01/Alpha-Omega-GranteeReport-2024_012925.pdf) in January 2025. One change for this year is that we're moving to quarterly reports instead of [monthly](https://alpha-omega.dev/resources/reports/) -- our Q1 report will be out in the next few weeks.

### Questions/Issues for the TAC

None at this time

## Additional Information

N/A
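
Review bot: The arXiv entry that closes the "Recent Events / News / Blogs / Etc." list never closes its author parenthesis: the line ends with "[University of Southern Denmark]" and no ")", unlike the four entries above it. In the OKR table, the "|-|-|" rows placed between objectives are not separators in GitHub-flavored Markdown once the header delimiter row has been used, so they render as body rows of literal dashes; drop them or split the table into one per objective. The KR labels are also inconsistent ("KR1.1" and "KR1.5" against "KR 1.2" through "KR 1.4"), the phrase "guide and focus on our investments" in the Overview reads as if "on" should be dropped, and the "Alpha-Omega Public Meeting - April 2, 2025" item asks readers to join without giving a link or time.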