Open Source Funded

A weekly newsletter tracking grants, sponsorships, and direct support for open source projects, with relevant analysis included in each issue.

June 29, 2026

Issue #14: AI pressure meets open-source independence

This week tracks funding, digital sovereignty, and AI-era security pressure reshaping maintainer capacity and open-source independence.

This week in Open Source Funded: AI is showing up less as a model-release story than as a stress test for how open-source projects fund, review, and secure their work. Zig, Nominet, CIRM, LibreOffice, the R Project, and UN Open Source Week keep funding and digital sovereignty in view, while DDEV, Continue, the Corgi/Papermark dispute, and Swift Package Index show different paths for project independence and commercial transitions. Security and governance run through the issue too, from Project Lightwell, Akrites, and Django’s CNA work to guidance and warnings from SFC, Godot, Fedora, GitLab, and others.

Funding, licensing, and project independence

Mitchell Hashimoto pledged another $400,000 to the Zig Software Foundation, bringing his family’s total pledged support to $700,000. Hashimoto connected the donation to Zig’s maintainership model and community philosophy amid continued discussion of the project’s no-LLM contribution policy (Mitchell Hashimoto).

Nominet opened a second application window for its DNS Fund, increasing available support to £650,000, adding multi-year awards, and offering grants of up to £15,000 for individual open-source DNS maintainers. The updated fund keeps the emphasis on sustainability for essential DNS infrastructure (Nominet).

The California Institute for Regenerative Medicine approved a $10 million Data Science and Software Engineering Awards program, offering 15 to 20 awards of up to $500,000 to create, improve, or maintain open-source software for integrating regenerative medicine datasets (CIRM).

The National Oceanography Centre and Asterisk Labs received £7 million from ARIA for Earth Compress, an open-source infrastructure project to compress, distribute, and broaden access to petabyte-scale environmental datasets for research and public services (NOC).

Passbolt renewed its Silver sponsorship of the MariaDB Foundation, extending financial support for MariaDB infrastructure, contributor support, testing, ecosystem maintenance, and community work (MariaDB Foundation). Aqtra Platform also joined the MariaDB Foundation as a Gold Sponsor, adding financial support for MariaDB Server development, technical collaboration, documentation, infrastructure, and ecosystem work (MariaDB Foundation).

The Document Foundation reported that LibreOffice received 140,593 donation transactions totaling €1.8 million net in 2025, about 30% more than the previous year, while official downloads reached a record 44.8 million (The Document Foundation).

The R Core Team received the 2026 Rousseeuw Prize for Statistics, a US$1 million award recognizing the open-source statistical computing language’s long-running contribution to research and practice. The prize will be shared among long-standing R Core Team members and other contributors (International Statistical Institute).

The Rust Foundation launched the Rust Commercial Network to bring commercial Rust users closer to foundation resources, ecosystem investment, and a shared forum for companies relying on Rust in production (Rust Foundation).

The foundation also launched a Trusted Training Program with Mainmatter, Integer 32, Wyliodrin, Doulos, and Ferrous Systems as founding providers, creating an accreditation mark for Rust education backed by the foundation (Rust Foundation).

The Linux Foundation updated LFX Mentoring with a fairer stipend model and shared program standards intended to improve access, expectations, and support for open-source mentorship participants (Linux Foundation).

The Mac Admins Foundation opened its 2026 Summer Giving Drive with a $40,000 goal and matched donations from seven sponsors to fund community infrastructure, scholarships, mentorship, and open-source tools used by Mac administrators (Mac Admins Foundation).

Artist and developer David Revoy argued that drawing-tablet vendors have avoided collaborating on shared Linux FLOSS driver infrastructure because of competitive branding concerns, even though they all depend on the same user-facing ecosystem. Revoy called for companies to fund full-time developers for the common driver work rather than treating Linux compatibility as scattered volunteer labor (David Revoy).

Palantir.net CEO Tiffany Farriss argued that projects such as Drupal have become shared digital infrastructure without matching operational funding for supply-chain security, product management, and CI. Her proposed sustainability model would move more open-source support from donations into procurement and foundation-backed operating budgets (Palantir.net).

Timefold raised a $13 million Series A led by Alstin Capital to expand its scheduling and routing API platform. The round adds commercial backing for the company behind the Apache-2.0 Timefold Solver open-source optimization engine (Timefold).

SuperPlane raised €2.28 million in pre-seed funding to build an Apache-2.0 open-source control plane for AI-assisted production infrastructure workflows, with plans for a hosted version and more community development (The Recursive).

Flexprice raised $1.5 million in seed funding led by Shastra VC to expand its open-source usage-based billing infrastructure for AI-native and API-first companies in the US and Europe (Ascendants).

DDEV said Upsun transferred the DDEV trademark to the DDEV Foundation, a move meant to strengthen the local-development project’s long-term independence. The project also warned that AI-assisted answers are reducing the community support interactions maintainers rely on to understand real user problems and product direction (DDEV).

The New Stack reported that Cursor quietly acquired Continue, the open-source AI coding assistant, in an acqui-hire. Continue’s product is shutting down, while the codebase is being handed to the community, putting another open-source developer-tool project through the familiar question of what survives after a commercial transition (The New Stack).

TechCrunch reported that YC-backed insurance startup Corgi denied accusations from Papermark that it copied Papermark’s open-source product. The dispute adds another example of open-source product strategy colliding with AI-assisted development and competitive “vibe coding” claims (TechCrunch).

Swift Package Index announced that it has joined Apple, moving the Swift package discovery service into Apple after operating as an independent community project. The move gives the service an institutional home, while marking another transition from volunteer-led infrastructure into a platform vendor’s orbit (Swift Package Index).

LWN reviewed Ceph and Garage as open-source object-storage alternatives after MinIO’s company put the project into maintenance mode and then archived the repository, leaving users to evaluate community-governed replacements for infrastructure they had treated as open source (LWN).

OfficeChai reported that Justin Poehnelt said Google fired him after his open-source, agent-oriented Google Workspace CLI went viral. The account puts another corporate-control question around developer tooling as AI agents make product APIs easier to automate (OfficeChai).

FINOS launched an AI Fund backed by founding premier members DTCC, Morgan Stanley, RBC, and NatWest. The announcement frames the fund as a way for financial-services firms to collectively invest in open-source AI governance, controls, specifications, reference implementations, and agentic-workflow infrastructure (FINOS).

FINOS also announced its intent to form the Open Source Enterprise Resiliency Alliance, a financial-services-led initiative backed by Moderne and FINOS members to coordinate open-source backpatching, remediation standards, and compliant consumption at scale (Linux Foundation).

The Open Source Initiative announced a two-year Open Source AI Fellowship with Duke University and launch sponsorship from Red Hat, AWS, Google, Automattic, and Mozilla. The program is meant to support research, policy work, and community consensus around open-source AI governance and standards (OSI).

GitHub joined a coalition seeking changes to California’s AI Transparency Act, arguing that transparency rules should avoid conflicts with open-source licensing and align with international frameworks rather than imposing incompatible obligations on open-source development (GitHub).

Prusa Research released Open Community License v1.1 for CORE One CAD files and related projects, adding modular attribution and micro-business plugins while tightening derivative sharing to OCL-only terms and broadening noncommercial and DIY permissions. The update shows another hardware-adjacent open project trying to balance community remixing, brand control, and small-scale commercial use (Prusa Research).

Codename One explained its approach to funding a GPL-with-Classpath-Exception open-source project through optional paid services such as build capacity, crash protection, analytics, maps, and device-integrity APIs, while arguing against degrading the open core or switching to source-available licensing (Codename One).

The Linux Foundation announced its intent to launch Agent Name Service, an open standard for trusted AI-agent identity, verification, and discovery. The project is positioned as shared infrastructure for agentic systems rather than another proprietary identity layer (Linux Foundation).

Telecom Review Asia reported that China Mobile, GSMA, Huawei, and partners launched OpenAN within Linux Foundation Europe as an open foundation for Level 4 autonomous networks, aiming to coordinate telecom automation architecture, standards, and software collaboration across operators and vendors (Telecom Review Asia).

Upbound launched Modelplane, an Apache-2.0 open-source control plane for AI inference fleets, and said it plans to develop the project in the open before donating it to an open-source foundation later this year (GlobeNewswire).

Tetrate announced Envoy AI Gateway v1.0, an open-source AI gateway built on CNCF’s Envoy Gateway project, with production hardening and maintainer participation from Bloomberg, Nutanix, Tetrate, and the wider Envoy community (Yahoo Finance).

UNDP announced an Africa Accelerator for Digital Public Infrastructure that will provide technical expertise, policy support, institutional strengthening, and investment facilitation for African governments adopting open-source digital public infrastructure instead of proprietary platforms (Biometric Update).

GitHub and UNDP Ghana also teamed up to explore how open-source governance can support digital reform work, including an Open Source Programme Office for government collaboration, community participation, and sustainable public-interest software (GitHub).

ZDNet reported from UN Open Source Week that governments framed open source as digital-sovereignty infrastructure, with speakers calling for OSPO diplomacy, public co-funding, and shared maintenance rather than treating volunteer maintainers as unpaid suppliers (ZDNet). Dawn Foster also recapped sessions on digital sovereignty, OSPOs, maintainer governance, and financing digital public goods as shared infrastructure rather than charity (Fast Wonder). EU Perspectives reported that the European Commission’s Tech Sovereignty Package includes a seven-year, €2 billion plan to strengthen European open-source infrastructure as an alternative to dependence on Big Tech platforms (EU Perspectives).

The Eclipse SDV Working Group said the European Commission’s European Tech Sovereignty Package highlighted Eclipse SDV as a model for vendor-neutral industrial open-source collaboration in automotive software, alongside planned support for shared open-source building blocks and critical infrastructure (Eclipse Foundation). New Atlas also reported on Eclipse S-Core, where BMW, Mercedes-Benz, Volkswagen, Stellantis, and other automakers are pooling software for a shared open-source foundation for future vehicle operating systems (New Atlas).

The Academy Software Foundation and the Visual Effects Society Technology Committee launched a Wayland for Artists Working Group to coordinate open-source display-server work around artist, studio, and production pipeline needs (ASWF).

Dynatrace detailed its open-source investment across cloud-native observability projects, including engineering leadership in OpenTelemetry governance, its Keptn donation to the CNCF, founding support for W3C Trace Context, and OpenFeature contributions (Dynatrace).

InfoWorld argued that AI coding tools and cloud APIs are creating a new generation of software-development lock-in risks. The piece frames open infrastructure, open standards, and foundations as a way for teams to avoid depending entirely on proprietary, usage-billed platforms as AI becomes embedded in development workflows (InfoWorld).

AI, security, and maintainer capacity

Trail of Bits introduced Patch the Planet, an OpenAI Daybreak-backed initiative that pairs security engineers and AI tools with open-source maintainers to triage findings and submit fixes. The team said the effort produced 64 pull requests and 51 issues across 19 projects in its first week (Trail of Bits). Yahoo Tech described the work as a funded collaboration among OpenAI, Trail of Bits, HackerOne, and Calif that is trying to reduce low-quality vulnerability-report noise while getting maintainers reviewed fixes (Yahoo Tech).

Filippo Valsorda argued that LLM-assisted vulnerability discovery has made bug reports less scarce and less confidential, changing how open-source maintainers should triage, prioritize, and disclose security findings (Filippo Valsorda).

IBM and Red Hat announced Project Lightwell, described by StorageNewsletter as a $5 billion commitment to build a trusted enterprise clearinghouse for open-source software security. The effort combines AI-assisted vulnerability validation, commercial subscriptions, and more than 20,000 engineers to patch supply-chain risks at scale (StorageNewsletter). Techzine reported that IBM is also bringing OpenAI cybersecurity models into Lightwell for read-only analysis, risk prioritization, and AI-assisted remediation of enterprise and open-source supply-chain components (Techzine). Palo Alto Networks later said it would expand Project Lightwell by pairing virtual patching with IBM and Red Hat’s open-source remediation work, aiming to narrow the gap between vulnerability discovery and deployed fixes (Palo Alto Networks). Deloitte also joined the Lightwell work as an integration collaborator, adding secure software supply-chain architecture, cyber risk services, and forward-deployed engineers for enterprise remediation and backpatching workflows (Deloitte). TechTarget connected Project Lightwell and Chainguard’s maintainer-of-last-resort proposal as parallel attempts to turn open-source vulnerability triage into staffed clearinghouse infrastructure (TechTarget).

Tuskira said its research on Anthropic Mythos disclosure data found 1,596 verified vulnerabilities across 281 open-source projects, with 95% not yet visible in public advisory systems and only 6.1% marked patched despite broad maintainer acknowledgment. The finding reinforces how AI-assisted discovery can move faster than existing disclosure and remediation pipelines (Yahoo Finance).

Aisle said its AI-native security platform and research team found six CVEs in curl’s latest security-heavy release, after Anthropic’s Mythos work triggered a wave of AI-assisted vulnerability research against the open-source project (Aisle).

The libexpat project released Expat 2.8.2 with fixes for 13 CVEs, including reports credited to Trail of Bits, Anthropic, and other researchers. The release note also reminded users that the widely used XML parser is on a security-report vacation until August 1, another sign of the human limits around vulnerability intake (XML.com).

The Django Software Foundation explained how it became a CVE Numbering Authority, giving the foundation the ability to assign CVEs for Django and selected community projects while aligning security advisories with its existing release workflow (Django Software Foundation).

OSTIF published results from a CNCF-supported Kubeflow security audit by ADA Logics, reporting 14 security-impact findings along with threat modeling, OpenSSF Scorecard assessments, and fuzzing work across six Kubeflow projects (OSTIF).

CyberScoop reported that governments and industry are struggling to close open-source software security gaps, with experts pointing to chronic underinvestment, volunteer maintainer limits, and AI-driven vulnerability discovery that can outpace disclosure and patching (CyberScoop).

DevOps.com argued that AI-assisted development is exposing unsupported open-source dependencies inside organizations, turning governance, lifecycle management, and sponsorship into security concerns rather than back-office inventory work (DevOps.com).

ReversingLabs covered calls for frontier AI companies to fund open-source ecosystem security as AI-assisted vulnerability discovery outpaces maintainer capacity, including proposals for a Great Refactor Fund and direct support for remediation work (ReversingLabs).

Andrew Nesbitt described Scrutineer, an Alpha-Omega-funded pipeline that scans open-source repositories, verifies findings, drafts fixes, and coordinates disclosure so machine-generated vulnerability volume does not flood maintainers directly (Andrew Nesbitt).

InfoWorld argued that maintainers should judge agentic-code submissions by quality and license compliance rather than relying only on blanket bans, while acknowledging review overload, copyright questions, and GPL-compliance risks from AI coding tools (InfoWorld).

Red Hat outlined a policy, skills, and automation framework for safer AI-assisted coding, connecting enterprise code review risk to the same maintainer burden open-source projects face when generated pull requests arrive faster than humans can validate them (Red Hat).

Phoronix reported that Linux 7.2’s KVM updates include no new ARM64 features because ARM maintainers were occupied reviewing and fixing AI-fueled changes, illustrating how AI-generated work can consume maintainer capacity even inside mature kernel workflows (Phoronix).

DevClass reported on a Checkmarx survey finding that most developers believe AI-generated code is more vulnerable, while many still ship code with known vulnerabilities. The report also ties production applications’ heavy reliance on open-source dependencies to the growing pressure maintainers face from AI-discovered security work (DevClass).

The New Stack reported on GitLab’s AI Accountability Report, which argues that AI coding tools are shifting the bottleneck from writing code to reviewing and governing it. The report found many teams cannot reliably distinguish AI-generated code from human-written work, raising the cost of validation for maintainers and engineering organizations (The New Stack).

Researchers Arsham Khosravani and Audris Mockus studied AI coding-agent traces across more than 180 million Git repositories, finding that single-signal measurements miss most agent activity and that tools such as Claude Code, Codex, Cursor, and Devin leave different adoption patterns in public development data (arXiv).

Greptile described a wave of low-quality AI-generated pull requests around OpenClaw and compared the pattern to early email spam, arguing that open-source maintainers need new trust and moderation systems as agent-generated PRs get cheap (Greptile).

Vincent Schmalbach argued that AI has made plausible bug reports, pull requests, and security disclosures cheap to generate but still expensive for maintainers to verify. He called for stronger intake rules, rate limits, labeling, and abuse controls to protect open-source review time (Vincent Schmalbach).

Information Age reported that Australian open-source maintainers are being inundated with AI-generated code and bug reports, shifting the bottleneck to human review and prompting maintainers and GitHub to use AI triage tools to cope with the flood (Information Age).

LWN reported on Fedora’s debate over two-factor authentication requirements for packagers after an alleged account compromise led to an AI agent causing problems for the project, tying authentication policy to broader supply-chain and maintainer-workflow pressure (LWN).

Linuxiac reported on Software Freedom Conservancy guidance for LLM-assisted FOSS contributions, emphasizing human review and understanding, disclosure of AI use, avoidance of unattended generated patches, and maintainers’ right to reject AI-assisted submissions (Linuxiac).

Percona’s Jan Wieremjewicz argued that PostgreSQL needs a clear AI-usage policy for contributions, warning that generated code, reports, and reviews can help participation but can also overwhelm maintainers and weaken trust unless communities set disclosure and review expectations (Percona).

Kubernetes maintainers explained how the project is adapting to AI-assisted contributions with disclosure rules, human accountability, CLA checks for co-authors, limits on AI responses to review comments, and experiments with automated review tools (Kubernetes).

Groundy examined a proposal for knowledge-based pull requests, where agent-submitted knowledge would be separated from code changes and project-controlled agents could regenerate patches. The idea is aimed at making AI-assisted contributions easier for maintainers to audit before accepting code (Groundy).

An Emacs contributor said a narrow macOS performance patch was rejected under GNU policy because the issue was found and the patch drafted with LLM assistance, despite human review and benchmarking. The episode adds a concrete example to the week’s debate over disclosure, provenance, and maintainers’ ability to accept or reject AI-assisted work (xlii.space).

Developer Tech reported that Alpha-Omega funding is supporting dedicated Rust security triage operations. The work is aimed at helping the ecosystem handle AI-assisted vulnerability reports, patch review, supply-chain monitoring, and the growing review load around security disclosures (Developer Tech).

A Rust community maintainer described a fake-interview attack that tried to backdoor their machine, and potentially crates.io packages, through a malicious TypeScript patch. The writeup shows AI used defensively too: the maintainer said Claude helped inspect the payload before it ran (Grack.com).

BleepingComputer reported that a seemingly clean GitHub repository can manipulate AI coding agents into running malware that remains hidden from security scanners, AI agents, and human reviewers. The attack shows another supply-chain risk created when agentic tools are allowed to inspect, execute, or trust repository instructions without enough isolation (BleepingComputer).

Phoronix reported that fwupd 2.0.21 backports fixes for more than 250 potential security issues found through AI-assisted scanning, giving conservative distributions access to hardening work already landing in the open-source firmware update tool’s 2.1 series (Phoronix).

The Hacker News reported on Squidbleed, a 29-year-old heap over-read in the open-source Squid proxy that can leak cleartext HTTP request fragments. The researcher credited AI assistance with spotting the parser flaw, another example of AI-assisted vulnerability discovery turning old open-source maintenance debt into urgent review and patch work (The Hacker News).

Chainguard proposed a neutral maintainer-of-last-resort model for abandoned open-source projects, covering patching, trusted builds, advisory coordination, and commercial support when upstream disclosure or maintenance fails. It is another example of companies trying to turn open-source security maintenance into explicit, staffed infrastructure rather than an emergency volunteer task (Chainguard).

HeroDevs argued that AI-assisted vulnerability discovery and exploitation are widening the gap between supported and end-of-life open-source software, using curl and abandoned framework examples to pitch maintained long-term support as a security necessity (HeroDevs).

LTM joined Athena, a Chainguard-led coalition coordinating shared intelligence, pre-disclosure remediation, and upstream fixes for open-source software vulnerabilities as AI tools accelerate vulnerability discovery and exploitation pressure (Yahoo Finance).

The Register interviewed Chainguard’s Dan Lorenc about Athena and the wider AI-assisted vulnerability surge, reporting that the coalition has processed more than 20,000 findings and developed more than 2,000 patches across 500 open-source projects as maintainers prepare for more disclosures (The Register).

The Linux Foundation launched Akrites with AWS, Anthropic, Chainguard, Cisco, Google, IBM, Microsoft and GitHub, OpenAI, Red Hat, the Rust Foundation, and others. The initiative is meant to coordinate finding, fixing, and responsibly disclosing vulnerabilities in critical open-source software as AI-enabled security pressure grows (Linux Foundation). Akrites also published an open letter committing engineering resources, security expertise, and funding toward confidential upstream remediation for critical open-source vulnerabilities (Akrites).

Sonatype argued that AI-accelerated vulnerability discovery is pushing open-source security away from isolated project-by-project response and toward coordinated remediation among maintainers, foundations, vendors, enterprises, and governments (Sonatype).

Godot maintainers clarified that the open-source game engine tolerates limited AI assistance but will reject fully AI-generated or low-quality submissions. According to Game Developer, the project is trying to draw a line between ordinary tool use and contribution patterns that create review burden or quality problems for maintainers (Game Developer).

Hugging Face described how maintainers of the open-source huggingface_hub Python client moved to weekly releases with a GitHub Actions pipeline that uses AI-assisted drafting, open tooling, downstream tests, and human review. The post frames automation as a way to make release work more repeatable without handing off maintainer judgment (Hugging Face).

PostHog described using parallel Claude Code sessions, property-based testing, and production shadow mode to replace its ANTLR-based SQL parser with a much faster hand-rolled parser. The writeup is another example of AI-assisted development being routed through tests, staged rollout, and maintainer control rather than treated as unattended code generation (PostHog).

Projects joining a foundation

The Rust Foundation welcomed Integer 32, Convex, Renesas, Peeriot, and the Processing Foundation as new member organizations, expanding institutional support around the Rust ecosystem (Rust Foundation).

HeroDevs joined the Commonhaus Foundation Open Source Sustainability Initiative as a founding Gold Partner, connecting its commercial long-term-support work for end-of-life open-source software with Commonhaus communities including Hibernate, Jackson, and Quarkus (HeroDevs).

Datavant joined the Linux Foundation-hosted Agentic AI Foundation, adding healthcare data interoperability, privacy, compliance, governance, and trusted-access requirements to the foundation’s open-standards work for agentic AI infrastructure (Yahoo Finance).

Posit joined the Jupyter Foundation as an official member, saying its membership will support core infrastructure, release engineering, governance, and events across the Jupyter, IPython, JupyterLab, JupyterHub, and kernel ecosystem (Posit).

AMPEL was accepted as a new OpenSSF Sandbox project, moving the supply-chain policy engine toward Linux Foundation governance so developers and downstream consumers can verify signed metadata about source, builds, dependencies, and releases (OpenSSF TAC).

SQLRooms joined the OpenJS Foundation under the Open Visualization Working Group, giving the DuckDB- and React-based analytics application framework a neutral home within the vis.gl open-source visualization ecosystem (OpenJS Foundation).

Wi4MPI joined the High Performance Software Foundation as a new project, adding a drop-in compatibility layer that lets applications built for one MPI implementation run on another without recompilation (HPSF).

The Koha community reported a governance milestone for its planned Koha Charitable Foundation, naming the first nominees for an inaugural board that will oversee sustainability, finances, and community values for the open-source library system (Koha).

Aviatrix joined the Open Information Security Foundation as a consortium member and embedded the open-source Suricata IPS engine into its multicloud security data path (Open Source For You).

Jobs

Foundations and core infrastructure

  • Wikimedia Foundation — Community Management Associate (link) — Remote. Posted 2026-06-26.
  • Wikimedia Foundation — Lead Product Partnerships Manager (Fixed Term Contract) (link) — Remote. Posted 2026-06-25.
  • Open Home Foundation — Fundraising Manager (link) — United States. Posted 2026-06-25.

Community and developer relations

  • LiveKit — Developer Success Engineer (link) — Remote, London. Posted 2026-06-27.
  • Infisical — Developer Advocate (link) — San Francisco, CA / Remote (US; Canada). Posted 2026-06-26.
  • Supabase — Field & Events Marketing Manager (link) — AMER. Posted 2026-06-25.
  • Elastic — Senior Developer Advocate (Video Content Creator) (link) — United Kingdom. Posted 2026-06-24.
  • Temporal Technologies — Senior Manager, Events & Field Marketing - AMER (link) — United States. Posted 2026-06-24.
  • LangChain — Technical Docs Writer (link) — New York, NY; San Francisco, CA. Posted 2026-06-24.
  • Sonar — Technical Communications Manager (link) — Austin, Texas. Posted 2026-06-23.
  • G-Research — Open-Source Evangelist (link) — London, United Kingdom. Posted 2026-06-23.
  • Percona — Developer Advocate (Remote) (link) — North America. Posted 2026-06-23.
  • Coder — Developer Relations Engineer (link) — United States. Posted 2026-06-23.
  • JetBrains — Head of Web Ecosystem (link) — Amsterdam, Netherlands; Belgrade, Serbia; Berlin, Germany; Limassol, Cyprus; London, United Kingdom; Madrid, Spain; Munich, Germany; Paphos, Cyprus; Prague, Czech Republic; Warsaw, Poland; Yerevan, Armenia. Posted 2026-06-22.
  • Figma — Open Source Developer (link) — San Francisco, CA; New York, NY; Remote US. Posted 2026-06-22.

OSPO and public-sector open source

  • G-Research — Deputy Head of Open Source Development (link) — London, United Kingdom. Posted 2026-06-23.
  • International Committee of the Red Cross — Platform Engineering Lead (link) — Geneva, Switzerland. Posted 2026-06-22. Deadline 2026-07-13.

Sustainability and commercial open source

  • Astronomer — Regional Sales Director, Northeastern US (link) — New York City. Posted 2026-06-29.
  • Astronomer — Enterprise Account Executive - AST-1336 (link) — Remote (United States). Posted 2026-06-29.
  • Acquia — Manager, Security Engineering (link) — Remote-United-States. Posted 2026-06-27.
  • Sysdig — Staff Software Engineer (Cloud Provider Team) (link) — Flexible - Italy. Posted 2026-06-26.
  • Sysdig — Senior Software Engineer, Monitor team (link) — Flexible - Italy. Posted 2026-06-26.
  • Supabase — Postgres Deployment Engineer (Nix) (link) — Remote. Posted 2026-06-26.
  • Kestra Technologies — Senior Backend Engineer, AI Orchestration (link) — Europe (Remote). Posted 2026-06-26.
  • Kestra Technologies — Product Manager, AI (link) — Europe (Remote). Posted 2026-06-26.
  • Kestra Technologies — Product Engineer, AI (link) — Europe (Remote). Posted 2026-06-26.
  • GitLab — Senior Manager, Business Development (link) — Remote, Germany; Remote, Ireland; Remote, Netherlands; Remote, United Kingdom. Posted 2026-06-26.
  • GitLab — Senior Director, Field CTOs (link) — Remote, US. Posted 2026-06-26.
  • GitLab — Customer Success Manager- Public Sector (link) — Remote, US. Posted 2026-06-26.
  • Docker — Staff Software Engineer, Cloud Sandboxes (West Coast) (link) — Seattle, WA (Remote). Posted 2026-06-26.
  • ClickHouse — Cloud Engineer - Product Metrics (link) — United States (remote). Posted 2026-06-26.
  • ClickHouse — Cloud Engineer - Product Metrics (link) — Canada (remote). Posted 2026-06-26.
  • Akuity — Technical Customer Success Manager, AMER Central/East (link) — Remote - North America - West. Posted 2026-06-26.
  • Astronomer — Senior Solutions Architect - Airflow (East Coast) (link) — New York City. Posted 2026-06-26.
  • Redis — Technical Support Engineer (link) — United States. Posted 2026-06-26.
  • ClickHouse — Senior Engineering Manager - Security Engineering (link) — United States (remote). Posted 2026-06-26.
  • ClickHouse — Senior Engineering Manager - Security Engineering (link) — Netherlands (remote). Posted 2026-06-26.
  • GitLab — Public Sector Strategic Account Executive, FSI (link) — Remote, US. Posted 2026-06-26.
  • GitLab — Solutions Architect, LATAM (link) — Remote, Mexico. Posted 2026-06-26.
  • Mozilla — Director of Strategic Finance & Investment Strategy (link) — Remote US. Posted 2026-06-26.
  • Mozilla — Senior Engineering Manager, AI Product (Thunderbolt) (link) — Remote. Posted 2026-06-26.
  • Mozilla — Senior Engineering Manager, AI Product (Thunderbolt) (link) — Remote US. Posted 2026-06-26.
  • Mozilla — Senior Engineering Manager, AI Product (Thunderbolt) (link) — Remote Canada. Posted 2026-06-26.
  • Mozilla — Senior Software Engineer, Cloud Development (link) — Remote Canada. Posted 2026-06-26.
  • Tailscale — Customer Support Engineer (link) — Remote (United States). Posted 2026-06-26.
  • Tailscale — Customer Support Engineer (link) — Remote (Canada). Posted 2026-06-26.
  • Tailscale — Customer Support Engineer (link) — Remote (United Kingdom). Posted 2026-06-26.
  • Docker — Principal Software Engineer, Developer Tools (US West Coast) (link) — United States. Posted 2026-06-26.
  • Kestra Technologies — QA Engineer (link) — India. Posted 2026-06-26.
  • Sysdig — Engineering Manager (link) — Flexible - USA. Posted 2026-06-25.
  • GitLab — Customer Success Engineer, EMEA (link) — Remote, France; Remote, Germany; Remote, Ireland; Remote, Netherlands; Remote, Spain; Remote, United Kingdom. Posted 2026-06-25.
  • GitLab — Strategic Account Executive - Retail & Medial (link) — Remote, France. Posted 2026-06-25.
  • Grafana Labs — Senior Software Engineer - Grafana Cloud Observability Provider | Germany | Remote (link) — Germany (Remote). Posted 2026-06-25.
  • Grafana Labs — Senior Software Engineer - Grafana Cloud Observability Provider | Spain | Remote (link) — Spain (Remote). Posted 2026-06-25.
  • Grafana Labs — Senior Software Engineer - Grafana Cloud Observability Provider | Sweden | Remote (link) — Sweden (Remote). Posted 2026-06-25.
  • Grafana Labs — Senior Software Engineer - Grafana Cloud Observability Provider | UK | Remote (link) — United Kingdom (Remote). Posted 2026-06-25.
  • Mozilla — Senior Software Engineer, Firefox Security (link) — Remote France. Posted 2026-06-25.
  • Mozilla — Senior Software Engineer, Firefox Security (link) — Remote UK. Posted 2026-06-25.
  • Mozilla — Senior Software Engineer, Firefox Security (link) — Remote Finland. Posted 2026-06-25.
  • Mozilla — Senior Software Engineer, Firefox Security (link) — Remote Belgium. Posted 2026-06-25.
  • Mozilla — Senior Software Engineer, Firefox Security (link) — Remote Spain. Posted 2026-06-25.
  • Mozilla — Senior Software Engineer, Firefox Security (link) — Remote Netherlands. Posted 2026-06-25.
  • Mozilla — Senior Software Engineer, Firefox Security (link) — Remote Sweden. Posted 2026-06-25.
  • Chainguard — Field Marketing Manager - CEUR (link) — Germany - Remote. Posted 2026-06-25.
  • Chainguard — Senior Customer Success Manager - EMEA (link) — United Kingdom - Remote. Posted 2026-06-25.
  • Chainguard — Sr. Product Marketing Manager (link) — United States - Remote. Posted 2026-06-25.
  • Corelight — Lead Cloud Infrastructure Engineer / Site Reliability Engineer (SRE) (link) — North America. Posted 2026-06-25.
  • Corelight — Professional Services Engineer (link) — North America. Posted 2026-06-25.
  • GitLab — Director of Engineering, Analytics Platform & Products (link) — Remote, US. Posted 2026-06-25.
  • GitLab — Major Account Executive, Germany (link) — Remote, Germany. Posted 2026-06-25.
  • GitLab — Manager, Customer Success Operations (link) — Remote, US. Posted 2026-06-25.
  • GitLab — Senior Backend Engineer, Gitlab Delivery: Zero Downtime Upgrades (link) — Remote, India. Posted 2026-06-25.
  • GitLab — VP, Corporate Security (link) — Remote, US. Posted 2026-06-25.
  • Grafana Labs — Enterprise Account Executive, Acquisition | Carolinas | Remote (link) — United States (Remote). Posted 2026-06-25.
  • Tailscale — Customer Account Executive (link) — Hybrid (Denver, Colorado, United States). Posted 2026-06-25.
  • Tailscale — New Business Account Executive (link) — Hybrid (Vancouver, British Columbia). Posted 2026-06-25.
  • Tailscale — Senior Customer Account Executive (link) — Hybrid (Denver, Colorado, United States). Posted 2026-06-25.
  • Tailscale — Senior New Business Account Executive (link) — Hybrid (Denver, Colorado, United States). Posted 2026-06-25.
  • Temporal Technologies — Director, Integrated Marketing Campaigns (link) — United States - Remote Opportunity. Posted 2026-06-25.
  • Diagrid — Solutions Engineer (link) — Remote United Kingdom. Posted 2026-06-25.
  • Kestra — Director, Analyst Relations (link) — United States. Posted 2026-06-25.
  • LangChain — Product Manager, Fleet (link) — San Francisco, CA. Posted 2026-06-25.
  • n8n — Technical Customer Success Manager (link) — Germany. Posted 2026-06-25.
  • Redis — Regional Account Executive (link) — United States. Posted 2026-06-25.
  • Techpaladin LLC — KDE Plasma Developer (link) — Worldwide/Remote. Posted 2026-06-24.
  • GitLab — Senior Solutions Architect (link) — Remote, Germany. Posted 2026-06-24.
  • n8n — Sales Development Manager (link) — Boston. Posted 2026-06-24.
  • Astronomer — Customer Reliability Engineer - Infrastructure (link) — Remote (United States). Posted 2026-06-24.
  • Astronomer — Customer Reliability Engineer, Airflow (link) — Remote (United States). Posted 2026-06-24.
  • Supabase — Commercial FinOps Lead (link) — Remote. Posted 2026-06-24.
  • Acryl Data — Senior Software Engineer/ Tech lead - SaaS Platform & Product, OSS Product (link) — Bengaluru, Karnataka, India. Posted 2026-06-24.
  • Acquia — Key Account Manager (link) — Remote-United-Kingdom. Posted 2026-06-24.
  • Corelight — Enterprise Account Executive (Central) (link) — North America. Posted 2026-06-24.
  • Corelight — Senior Manager, Technical Account Management (TAM) (link) — North America. Posted 2026-06-24.
  • GitLab — High Velocity Enablement Lead (link) — Remote, US. Posted 2026-06-24.
  • GitLab — Senior Professional Services Partners Manager, Subcontractor Partner Solutions (link) — Remote, US. Posted 2026-06-24.
  • Grafana Labs — Regional Marketing Associate | UK | Remote (link) — United Kingdom (Remote). Posted 2026-06-24.
  • Tailscale — Senior Product Designer (link) — Remote (Canada). Posted 2026-06-24.
  • Tailscale — Senior Product Designer (link) — Remote (United States). Posted 2026-06-24.
  • Temporal Technologies — Global Account Manager (link) — United States - Remote Opportunity. Posted 2026-06-24.
  • Temporal Technologies — Staff Solutions Architect, New Logo - Central (link) — United States - Remote Opportunity. Posted 2026-06-24.
  • Airbyte — Solutions Architect (link) — San Francisco. Posted 2026-06-24.
  • LiveKit — Founding Motion Designer (link) — Remote, U.S. Posted 2026-06-24.
  • Kitware — Cleared AI Project Manager (link) — Clifton Park, New York. Posted 2026-06-24.
  • Grafana Labs — Staff AI Engineer - Grafana AI/ML | Canada | Remote (link) — Canada (Remote). Posted 2026-06-24.
  • Grafana Labs — Staff AI Engineer - Grafana AI/ML | USA | Remote (link) — United States (Remote). Posted 2026-06-24.
  • PlanetScale — Field Marketing Coordinator (link) — San Francisco, CA. Posted 2026-06-24.
  • Sonar — Sales Solutions Engineer (link) — Singapore. Posted 2026-06-23.
  • Logz.io — Account Manager – New & Existing Business (link) — Tel Aviv. Posted 2026-06-23.
  • Mozilla — Senior Software Engineer, Firefox Security (link) — Remote Germany. Posted 2026-06-23.
  • Mozilla — Senior Software Engineer, Firefox Security (link) — Remote Canada. Posted 2026-06-23.
  • Grafana Labs — Senior Solutions Engineer | West Coast | Remote (link) — United States (Remote). Posted 2026-06-23.
  • Grafana Labs — Senior Software Engineer - Grafana Databases, Managed Services | Germany | Remote (link) — Germany (Remote). Posted 2026-06-23.
  • GitLab — Customer Success Manager (link) — Remote, North America. Posted 2026-06-23.
  • Teleport — Senior Backend Engineer - Platform Scalability - UK (link) — United Kingdom (Remote). Posted 2026-06-23.
  • Teleport — Senior Backend Engineer - Platform Scalability - Ireland (link) — Ireland (Remote). Posted 2026-06-23.
  • InnoCraft — Full Stack Engineer - Innovation Team (100% Remote United Kingdom) (link) — London, United Kingdom. Posted 2026-06-23.
  • InnoCraft — Full Stack Engineer - Innovation Team (100% Remote Ireland) (link) — Dublin, Ireland. Posted 2026-06-23.
  • InnoCraft — Full Stack Engineer - Innovation Team (100% Remote Germany) (link) — Frankfurt, Germany. Posted 2026-06-23.
  • Redis — Senior Software Engineer, AI and Search Team (link) — Israel. Posted 2026-06-23.
  • Temporal Technologies — Staff Solutions Architect, New Logo - UK (link) — United Kingdom. Posted 2026-06-23.
  • Teleport — VP of Finance (link) — San Francisco Bay Area, CA. Posted 2026-06-23.
  • Supabase — Brand Designer (link) — Remote. Posted 2026-06-23.
  • Redis — Senior Product Security Engineer - InfoSec - Bulgaria (link) — Bulgaria. Posted 2026-06-23.
  • NetBox Labs — Solutions Engineer (link) — US, CST Remote. Posted 2026-06-23.
  • Grafana Labs — Senior Solutions Engineer | East Coast | Remote (link) — United States (Remote). Posted 2026-06-23.
  • Grafana Labs — Senior Field Engineer | Netherlands | Remote (link) — Netherlands (Remote). Posted 2026-06-23.
  • Docker — Principal Software Engineer, Docker Hardened Images (link) — Canada. Posted 2026-06-23.
  • Chainguard — Commercial Account Executive - CEUR (Germany) (link) — Germany - Remote. Posted 2026-06-23.
  • Canonical — Linux Desktop Support Associate (London UK office) (link) — Office Based - London, UK. Posted 2026-06-23.
  • Canonical — Cloud Support Engineer (London UK office) (link) — Office Based - London, UK. Posted 2026-06-23.
  • Acquia — Staff AI Engineer (Acquia DAM) (link) — Remote-United-States. Posted 2026-06-23.
  • Acquia — Staff AI Engineer (Acquia DAM) (link) — Remote-Canada. Posted 2026-06-23.
  • LiveKit — GTM Systems Engineer (link) — Remote, U.S. Posted 2026-06-23.
  • Buoyant — Engineering Manager, Linkerd / Kubernetes Infrastructure (link) — Remote. Posted 2026-06-23.
  • Buoyant — Linkerd Data Plane Engineer (link) — Remote. Posted 2026-06-23.
  • Buoyant — Linkerd Control Plane Engineer (link) — Remote. Posted 2026-06-23.
  • Pulumi — Senior Software Engineer, IaC Cloud (link) — Remote. Posted 2026-06-23.
  • n8n — Senior Revenue Systems Manager (link) — Berlin Office. Posted 2026-06-22.
  • Chainguard — Technical Recruiting Manager (link) — United States - Remote. Posted 2026-06-22.
  • FOSSA — Senior Software Engineer (Analysis) (link) — Toronto, Ontario, Canada - Remote. Posted 2026-06-26.
  • FOSSA — Senior Software Engineer (Analysis) (link) — Vancouver, British Columbia, Canada - Remote. Posted 2026-06-26.
  • Apryse — Manager, Open Source Lead Discovery (link) — Georgia, United States. Posted 2026-06-26. Deadline 2026-07-26.
  • Element — Legal Counsel (link) — Remote. Posted 2026-06-25. Deadline 2026-07-14.
  • Black Duck Software — Lead Technical Account Manager (link) — Bangalore. Posted 2026-06-25.
  • Endor Labs — Partner Solutions Architect (link) — Remote US. Posted 2026-06-25.
  • Apple — Open Source and Standards Diligence Patent Attorney or Agent (link) — Austin, Culver City, Cupertino, New York City, San Diego, Washington DC. Posted 2026-06-25.
  • FOSSA — Sales Engineer (link) — US and Canada Remote. Posted 2026-06-24.
  • Red Hat — SEAP Compliance Specialist (link) — Remote US. Posted 2026-06-24. Deadline 2026-07-18.
  • Chainguard — Legal Counsel, Commercial (link) — United Kingdom - Remote. Posted 2026-06-23.
  • Black Duck Software — Technical Account Manager (link) — United Kingdom. Posted 2026-06-23.
  • Sonatype — Staff Product Designer (link) — Colombia - Remote. Posted 2026-06-23.
  • LiveKit — Head of Legal (link) — Remote, U.S. Posted 2026-06-23.
  • Black Duck — Lead Analyst, Forecasting & Pipeline Management (link) — US Remote or Hybrid. Posted 2026-06-23.
  • newsletter
  • funding
  • open source
  • governance
  • ai
  • security
  • licensing
  • foundations
  • sustainability
  • jobs