July 6, 2026

Issue #15: Funding the security bottleneck

This week follows direct maintainer funding, AI-era security triage, and foundation governance as open-source infrastructure absorbs more operational pressure.

This week in Open Source Funded: maintainers are still asking downstream users to treat open source as infrastructure, not charity. Servo is publishing steady progress on less than $8,000 a month, Rust is formalizing maintainer support, and new grants, sponsorships, and commercial backporting efforts are clustering around the same bottleneck: review, security, and long-term maintenance.

Funding, licensing, and project independence

Servo’s monthly update showed the open-source browser engine continuing to ship layout, DOM, WebGPU, and platform improvements while operating on less than $8,000 in monthly donations, a sharp reminder that browser infrastructure can be both technically ambitious and financially thin (Phoronix).

The Rust Foundation Maintainers Fund moved from idea to operations. Open Source Security interviewed Lori Lorusso and Niko Matsakis about funding Rust maintainers through the foundation (Open Source Security), and the Rust Leadership Council said a new Funding team will administer the fund, allocate $50,000 for maintainer support, and take over project grants (Inside Rust).

Canonical became the first Gold sponsor of the Trifecta Tech Foundation, backing Rust-based infrastructure projects such as sudo-rs and the foundation’s work on safer systems components (Phoronix). Meta marked ten years of Python Software Foundation sponsorship, tying its funding and engineer contributions to Python maintainers, core language work, PSF programs, and tools such as Pyrefly (Meta Engineering).

EXANTE used its €1 million Gecko Fund to argue that finance firms should stop treating widely used open-source projects as hobbies and start funding audits, maintenance, and engineering capacity as business infrastructure (TechRadar). Aaron D. Campbell made the same budget argument more directly: corporate open-source support should be a continuity expense tied to security, reliability, and replacement cost, not philanthropy (Aaron D. Campbell).

Google Open Source summarized maintainer feedback on what predictable corporate support should look like, including direct funding, clearer contribution records, CLA visibility, and support that is not reduced to pull-request counts (Google Open Source Blog). Andrew Nesbitt similarly argued that infrastructure metaphors should become infrastructure practice: inventories, inspections, risk ratings, and recurring formula funding for maintained software dependencies (Andrew Nesbitt).

wallabag.it said its hosted service will directly fund Yassine Guedidi to build features, spam protection, RSS and Atom management, email saving, and security work that will be contributed back to the open-source wallabag project (wallabag.it). Xubuntu and Xfce contributor Sean Davis updated sponsorship tiers for open-source infrastructure, documentation, testing hardware, mentorship, and community work while emphasizing that sponsorship does not replace project governance (Sean Davis).

Trail of Bits said Sovereign Tech Agency funding supported post-quantum cryptography work in pyca/cryptography 48, bringing ML-KEM and ML-DSA primitives to Python ecosystem projects including Ansible, Certbot, Apache Airflow, and Paramiko (Trail of Bits). Scripps Research received two Gates Foundation grants totaling $2 million for wastewater disease surveillance and outbreak prediction, including continued development of the open-source Freyja platform and openly available protocols and bioinformatics tools (Scripps Research).

Aikido Security acquired Root to backport vulnerability fixes into older open-source dependency versions, positioning commercial patch backports as an option when organizations cannot upgrade immediately (The New Stack). Continuent joined the MariaDB Foundation as a Silver Sponsor, adding support for MariaDB Server and the MySQL-compatible open-source deployment ecosystem (MariaDB Foundation).

RSK forked the decommissioned open-source IdentityServer4 into Open.IdentityServer, betting that a free, supported fork can compete with Duende’s paid migration path after IdentityServer’s commercialization (The New Stack). PrimeTek announced PrimeUI, moving future major versions of PrimeNG, PrimeReact, and PrimeVue from MIT-licensed releases to paid commercial licensing for larger organizations while leaving existing MIT versions unchanged and offering free community licenses for eligible small users (PrimeTek).

Fenris Creations released EVE Online’s Carbon game engine on GitHub under mostly MIT licensing, saying the move is meant to build trust, invite fixes and forks, and let others reuse the engine (GamesIndustry.biz). JetBrains will sunset Kotlin Notebook as a maintained IntelliJ IDEA product, unbundle it from IntelliJ IDEA 2026.2, publish the plugin source under Apache-2.0, and leave future development to the community (JetBrains).

Wordgard 0.1 arrived as an MIT-licensed rich-text editor toolkit from Marijn Haverbeke, who used the release to explain how permissive licensing, AI scraping, and AI-generated pull requests are changing the funding and maintenance model for open-source infrastructure (Marijn Haverbeke). Flipper Devices said it will keep maintaining the open-source Flipper Zero firmware after community pushback, while tightening contribution rules for AI-generated low-level code and publishing integration tests for community regression testing (Flipper Devices).

Shopify and Shopline settled Shopify’s lawsuit over alleged copying of the open-source Dawn storefront theme into Shopline’s Seed template; Shopify said the confidential agreement includes payment and bars further Seed distribution (BetaKit). Xinuos, SCO’s legal successor, is trying to revive old Project Monterey license and copyright claims against IBM, extending the decades-long Unix and Linux ownership dispute (The Register).

AI, security, and maintainer capacity

Godot moved from clarification to stricter policy as AI-generated pull requests increased review burden. The project now bans autonomous-agent and vibe-coded work, limits substantial AI-generated code, requires disclosure, and raises barriers for large changes from new contributors (Godot); PC Gamer summarized the maintainer concern as a trust problem when contributors cannot understand their own submissions well enough to maintain them (PC Gamer).

The Linux kernel discussion is taking a more granular path. LWN reported on two memory-management patch sets written with LLM assistance by established kernel developers (LWN), while Phoronix reported renewed debate over whether Linux should keep or drop an Assisted-by tag for AI-created patches (Phoronix). Joey Hess described spending about 100 hours auditing git-annex dependencies to avoid LLM-generated code because of quality, copyright, and maintainer-burden concerns (Joey Hess).

Node.js maintainers are considering whether the AI-driven surge in vulnerability reports should push lower-severity security issues into public workflows while preserving private embargoes for higher-severity bugs (Socket). The GitHub Advisory Database is facing similar volume pressure, with Help Net Security reporting growing review delays even as GitHub adds AI-assisted curation, automation, and stricter triage to avoid false positives (Help Net Security).

AI-assisted vulnerability work is also widening the patch backlog. Help Net Security reported that Anthropic’s Claude Mythos Preview produced 1,596 verified open-source vulnerability reports in about nine weeks while credited fixes lagged far behind (Help Net Security); WinBuzzer connected AI bug hunting to a spike in high- and top-severity CVE disclosures and pressure on maintainer patch capacity (WinBuzzer). James Berthoty argued that this is pushing more vulnerability management into private-company workflows unless downstream users fund normal disclosure, public timelines, patches, and maintainers (Latio).

The security failure modes are becoming more concrete. Adversa AI reported GuardFall, a shell-injection class in open-source AI coding agents where poisoned repositories, README files, or Makefiles can bypass pattern-based command guards (Adversa AI); The Hacker News reported that related testing bypassed shell-command safety checks in ten of eleven open-source AI coding and computer-use agents (The Hacker News).

Other attacks moved from theory to incident reports. eWeek described a Mozilla 0DIN proof of concept where a clean-looking GitHub repository can prompt an AI coding agent to fetch a DNS-hosted payload and open a reverse shell (eWeek). The Hacker News reported that Sysdig observed a ransomware attack run end-to-end by an AI agent after exploiting an old patched RCE in open-source Langflow (The Hacker News). Open Source For You reported that malicious skills in OpenClaw’s ClawHub marketplace abused trusted AI-agent permissions, prompting calls for least privilege, sandboxing, runtime isolation, and publisher verification (Open Source For You).

Infosecurity Magazine reported that a pseudonymous researcher published more than 30 proof-of-concept exploits for zero-days in open-source projects without first disclosing them to maintainers, saying the fuzzing workflow was automated with OpenAI tools (Infosecurity Magazine). OSTIF published a CNCF-backed Cortex audit by Quarkslab covering fixes for seven security-impacting findings in the open-source long-term storage project for Prometheus and OpenTelemetry (OSTIF).

Maintainer workflow experiments continue alongside the warnings. Simon Willison described using Claude Fable in Claude Code to prepare sqlite-utils 4.0rc2, including AI-assisted review, test fixes, SemVer checks, and release-engineering cost tracking (Simon Willison). The New Stack reported on research finding that AI coding agents have not yet erased the beginner-friendly open-source issues that help new contributors join projects (The New Stack). Dries Buytaert argued that AI could lower contribution barriers only if projects invest in shared access, skills, review norms, and accountability instead of shifting more burden to maintainers (Dries Buytaert).

Fedora paused discussion of a proposed AI Developer Desktop after heated community debate over packaging local AI and machine-learning workflows, showing how AI features can become distribution-governance issues even when they are not model-release stories (Phoronix). F-Droid warned that Google’s Android Developer Verification program could centralize app installation behind registration, fees, identity checks, signing-key registration, and undefined malware terms, threatening independent free-software distribution (F-Droid).

Digital sovereignty and public-interest infrastructure

OpenProject and XWiki joined EuroCommons, a Caisse des Dépôts-led initiative that pools users, vendors, integrators, and foundations to fund and coordinate migration from proprietary tools such as Jira and Confluence to European-governed open-source alternatives (OpenProject). The Sovereign Tech Agency recapped UN Open Source Week around digital public infrastructure, shared responsibility, and public investment in open-source digital commons (Sovereign Tech Agency).

The Eclipse Foundation and the Open Regulatory Compliance Working Group launched a free ORC Learning Hub to help maintainers, project stewards, OSPOs, and software teams prepare for the EU Cyber Resilience Act’s September 2026 obligations (GlobeNewswire). Software Freedom Conservancy criticized GitHub and other generative-AI companies over California AI Transparency Act lobbying, arguing that license-termination requirements do not conflict with FOSS licensing principles (SFC).

The Free Software Foundation asked supporters to fund its campaigns team through associate memberships, citing work on age-verification laws, VPN bans, DRM opposition, proprietary-software threats, and a summer goal of 175 new members (FSF).

Projects joining a foundation

Apache Magpie, a project providing platform infrastructure for agent-assisted repository maintainership, became an Apache Software Foundation Top-Level Project (ASF). Apache Livy, the Spark REST API service, also graduated to an Apache Top-Level Project with its own project management committee (Open Source For You).

OpenTelemetry graduated to the CNCF’s highest maturity level, recognizing the observability framework’s production readiness, vendor-neutral governance, and broad adoption (InfoQ). HAMi, a Kubernetes GPU virtualization and heterogeneous accelerator scheduling project, moved from CNCF Sandbox to Incubating status (Saiyam Pathak).

The Rust Foundation welcomed Wild, a fast Linux linker project, into its Rust Innovation Lab as a board-approved hosted project (Rust Foundation). TYPO3 joined the PHP Foundation as a Silver Sponsor, supporting language development, security work, infrastructure, and ecosystem maintenance (TYPO3).

Enphase Energy joined the Open Compute Project Foundation as a Platinum member to contribute power-electronics expertise to open standards for AI data-center power infrastructure (Barchart). Shopify joined the PyTorch Foundation as a Platinum member, gaining a governing-board seat and a formal role in the Linux Foundation-hosted open-source machine-learning framework ecosystem (PyTorch). iTmethods joined the Linux Foundation as a Silver member and will participate in FINOS and the Agentic AI Foundation on governance standards for regulated agentic AI infrastructure (Yahoo Finance).

Jobs

Foundations and core infrastructure

  • Wikimedia Foundation — Italian Translator / Linguist (Contract) (link) — Remote. Posted 2026-07-06.

Community and developer relations

  • LiveKit — Staff Developer Advocate - Community & Events (link) — Hybrid, San Francisco. Posted 2026-07-03.
  • Kernel — Founding Marketer (link) — San Francisco. Posted 2026-07-02.
  • Temporal Technologies — Events & Field Marketing Manager - India (link) — India. Posted 2026-07-02.
  • CloudLinux — Senior Manager, WordPress Ecosystem Marketing (remote-only, Europe) (link) — Remote (Europe). Posted 2026-07-01.
  • LangChain — Content Lead (link) — San Francisco, CA. Posted 2026-06-30.
  • Grafana Labs — Social Media and Influencer Relations Associate (link) — United States (Remote). Posted 2026-06-30.
  • Docker — Staff Integrated Campaigns Manager (link) — United States. Posted 2026-06-30.
  • Docker — Digital Marketing Manager (link) — United States. Posted 2026-06-30.
  • Docker — Staff Designer, Brand (link) — Canada. Posted 2026-06-30.

Sustainability and commercial open source

  • DataHub — DevOps (link) — Bengaluru, Karnataka, India. Posted 2026-07-06.
  • GitLab — Engineering Manager, AI Engineering: Chat (link) — Remote, Americas; Remote, Canada. Posted 2026-07-06.
  • Corelight — Director, Technical Publications (link) — North America. Posted 2026-07-06.
  • Mozilla — Staff Program Manager, Trust & Safety (link) — Remote. Posted 2026-07-06.
  • Chainguard — Senior Partner Solutions Architect - East (link) — United States - Remote. Posted 2026-07-06.
  • ClickHouse — Senior Security Automation Engineer (link) — United States (remote). Posted 2026-07-06.
  • Canonical — Content Marketing Manager (link) — Home based - EMEA. Posted 2026-07-06.
  • GitLab — Engineering Manager, Cell Infrastructure (link) — Remote. Posted 2026-07-06.
  • GitLab — Manager, Customer Success Managers, EMEA (link) — Remote, Austria; Remote, Germany. Posted 2026-07-06.
  • GitLab — Senior Program Manager, Enterprise Technology & AI (link) — Remote, Bangalore. Posted 2026-07-06.
  • Mozilla — Staff Program Manager, Trust & Safety (link) — Remote Canada. Posted 2026-07-06.
  • Mozilla — Staff Program Manager, Trust & Safety (link) — Remote UK. Posted 2026-07-06.
  • Mozilla — Staff Program Manager, Trust & Safety (link) — Remote US. Posted 2026-07-06.
  • Teleport — Senior Site Reliability Engineer - US (link) — United States (Remote). Posted 2026-07-06.
  • JetBrains — Backend Customer Success Engineer (Kotlin Ecosystem) -m/w/d (link) — Berlin, Germany; Munich, Germany; Remote, Germany. Posted 2026-07-06.
  • JetBrains — Backend Customer Success Engineer (Kotlin Ecosystem) (link) — Amsterdam, Netherlands; Prague, Czech Republic. Posted 2026-07-06.
  • JetBrains — Backend Customer Success Engineer (Kotlin Ecosystem) (link) — Foster City, California; Marlton, New Jersey; Remote, United States. Posted 2026-07-06.
  • GitLab — Commercial Account Executive (Mid-Market) - Australia (link) — Remote, Australia. Posted 2026-07-05.
  • Redis — Technical Account Manager - Costa Rica (link) — Costa Rica. Posted 2026-07-04.
  • Supabase — Control Plane Engineer (link) — Remote (AMER). Posted 2026-07-03.
  • Mozilla — Director of Product, Gaming (New Products) (link) — Remote. Posted 2026-07-03.
  • Supabase — Senior Data Engineer (link) — Remote. Posted 2026-07-03.
  • CloudLinux — Engineering Manager, Language Security (TuxCare) (link) — Remote (Warsaw, Poland). Posted 2026-07-03.
  • JetBrains — Business Development Manager (Commercial Programs) (link) — Amsterdam, Netherlands; Prague, Czech Republic. Posted 2026-07-02.
  • JetBrains — Key Account Manager (Central Eastern Europe) (link) — Warsaw, Poland. Posted 2026-07-02.
  • Canonical — Engineering Manager - Python and K8s (link) — Home Based - APAC; Home based - EMEA. Posted 2026-07-02.
  • JetBrains — QA Automation Engineer (IntelliJ IDEA Java Build Tools) (link) — Belgrade, Berlin, Limassol, Madrid, Munich, Paphos, Prague, Warsaw, or Yerevan. Posted 2026-07-02.
  • JetBrains — TeamCity Customer Success Engineer -Post-sales (m/w/d) (link) — Berlin, Germany; Munich, Germany; Remote, Germany. Posted 2026-07-02.
  • JetBrains — TeamCity Customer Success Engineer (Post-sales) - US (link) — Marlton, New Jersey. Posted 2026-07-02.
  • JetBrains — TeamCity Customer Success Engineer (Post-sales) (link) — Amsterdam, Netherlands; Limassol, Cyprus; Paphos, Cyprus; Prague, Czech Republic. Posted 2026-07-02.
  • Grafana Labs — Commercial Account Executive, Acquisition | Melbourne | Remote (link) — Australia (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff Backend Engineer - Adaptive Telemetry, Databases | Canada | Remote (link) — Canada (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff Backend Engineer - Adaptive Telemetry, Databases | USA | Remote (link) — United States (Remote). Posted 2026-07-02.
  • Mastra — Product Engineer (link) — Remote. Posted 2026-07-02.
  • LangChain — Recruiting Coordinator - Contract (link) — New York, NY. Posted 2026-07-02.
  • Airbyte — Director, Data & Analytics (link) — San Francisco. Posted 2026-07-02.
  • Docker — Staff Product Manager, Infrastructure & AI Dev Tools (link) — United States. Posted 2026-07-02.
  • Teleport — Product Designer (link) — United States (Remote). Posted 2026-07-02.
  • Kernel — Solutions Engineer (link) — San Francisco. Posted 2026-07-02.
  • Grafana Labs — Staff AI Product Analyst, Product Management | Sweden | Remote (link) — Sweden (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff AI Product Analyst, Product Management | Spain | Remote (link) — Spain (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff AI Product Analyst, Product Management | Germany | Remote (link) — Germany (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff AI Product Analyst, Product Management | UK | Remote (link) — United Kingdom (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff AI Product Analyst, Product Management | Canada | Remote (link) — Canada (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff AI Product Analyst, Product Management | USA, EST | Remote (link) — United States (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff Software Engineer - Databases SRE | Ireland | Remote (link) — Republic of Ireland (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff Software Engineer - Platform, SysEng | Canada | Remote (link) — Canada (Remote). Posted 2026-07-02.
  • Grafana Labs — Staff Software Engineer - Platform, SysEng | USA | Remote (link) — United States (Remote). Posted 2026-07-02.
  • n8n — Mid-Market Account Executive (link) — Boston. Posted 2026-07-02.
  • Acquia — Manager, Security Engineering (link) — Remote-Canada. Posted 2026-07-02.
  • GitLab — New Business Account Executive - Nordics (link) — Remote, Netherlands; Remote, Sweden. Posted 2026-07-02.
  • Chainguard — Enterprise Business Development Representative - East (link) — United States - Remote. Posted 2026-07-02.
  • ClickHouse — Senior Security Automation Engineer (link) — Netherlands (remote). Posted 2026-07-02.
  • GitLab — Commercial Account Executive - Nordics (link) — Remote, Sweden. Posted 2026-07-02.
  • GitLab — Customer Success Architect (link) — Remote; Remote, United Arab Emirates. Posted 2026-07-02.
  • GitLab — Director, Strategic Partnerships (link) — Remote, US. Posted 2026-07-02.
  • GitLab — Engineering Manager, Geo for Self-Managed Customers (link) — Remote, United Kingdom. Posted 2026-07-02.
  • GitLab — Principal Product Manager, Engineering Intelligence & Insights (link) — Remote, Canada; Remote, US. Posted 2026-07-02.
  • GitLab — Professional Services Program Manager (link) — Remote, US. Posted 2026-07-02.
  • GitLab — Senior Customer Success Architect, France (link) — Remote, France. Posted 2026-07-02.
  • GitLab — Senior Manager, Product Management: Agentic Software Delivery (link) — Remote, Canada; Remote, US. Posted 2026-07-02.
  • GitLab — Senior Software Engineer (RoR/Go), SSCS: Authentication (link) — Remote, Canada. Posted 2026-07-02.
  • Tailscale — Billing Engineer (link) — Remote (United States). Posted 2026-07-02.
  • Tailscale — Billing Engineer (link) — Remote (Canada). Posted 2026-07-02.
  • Temporal Technologies — Account Executive, New Logo (Austin, Texas) (link) — United States - Remote Opportunity. Posted 2026-07-02.
  • Temporal Technologies — Senior Solutions Architect, Commercial - SF (link) — United States - Remote Opportunity. Posted 2026-07-02.
  • Astronomer — Senior Software Engineer, Build (link) — New York City. Posted 2026-07-02.
  • Docker — Senior Business Development Representative (link) — England. Posted 2026-07-02.
  • Docker — Staff Solutions Engineer (Japan) (link) — Japan. Posted 2026-07-02.
  • Mozilla — Senior Software Engineer, Cloud Engineering (link) — Remote Canada. Posted 2026-07-01.
  • GitLab — Director of Engineering, Security Factory (link) — Remote, Israel; Remote, United Kingdom. Posted 2026-07-01.
  • GitLab — Director of Engineering, Growth & Monetization (link) — Remote, Canada; Remote, US. Posted 2026-07-01.
  • GitLab — Manager, Business Development (link) — Remote, North America. Posted 2026-07-01.
  • GitLab — Strategic Account Executive, San Francisco (link) — Remote, US. Posted 2026-07-01.
  • ClickHouse — Senior Cloud Engineer - Product Metrics (link) — Europe (remote). Posted 2026-07-01.
  • Grafana Labs — Staff Software Engineer – Identity and Access, Identity Squads | Ireland | Remote (link) — Republic of Ireland (Remote). Posted 2026-07-01.
  • Grafana Labs — Staff Software Engineer – Identity and Access, Identity Squads | Spain | Remote (link) — Spain (Remote). Posted 2026-07-01.
  • Grafana Labs — Staff Software Engineer – Identity and Access, Identity Squads | UK | Remote (link) — United Kingdom (Remote). Posted 2026-07-01.
  • Docker — Senior Software Engineer, Growth (link) — Canada; United States. Posted 2026-07-01.
  • GitLab — Senior Backend Engineer (Ruby), AI Engineering: Duo Agent Platform Tools (link) — Remote, Canada; Remote, United Kingdom. Posted 2026-07-01.
  • GitLab — Backend Engineer (Ruby), AI Engineering: Duo Agent Platform Tools (link) — Remote, Canada; Remote, United Kingdom. Posted 2026-07-01.
  • Acryl Data — Engineering Manager (link) — East Coast Remote. Posted 2026-07-01.
  • GitLab — Professional Services Technical Architect (link) — Remote, Canada; Remote, US. Posted 2026-07-01.
  • Grafana Labs — Marketing Analytics Director | United States | Remote (link) — United States (Remote). Posted 2026-07-01.
  • Grafana Labs — Marketing Analytics Director | Canada | Remote (link) — Canada (Remote). Posted 2026-07-01.
  • Temporal Technologies — Director of Sales, New Logo (link) — United States - Remote Opportunity. Posted 2026-07-01.
  • LiveKit — Forward Deployed Engineer (link) — Remote, San Francisco. Posted 2026-07-01.
  • LiveKit — Forward Deployed Engineer (link) — Remote, Seattle. Posted 2026-07-01.
  • LiveKit — Technical Account Manager (link) — Remote, U.S.. Posted 2026-07-01.
  • LiveKit — Technical Account Manager (link) — Remote, London. Posted 2026-07-01.
  • Akuity — Enterprise Account Executive, EMEA (link) — Remote - EMEA. Posted 2026-07-01.
  • Mattermost — Senior Account Executive (Enterprise) (link) — United States. Posted 2026-07-01.
  • ClickHouse — Accounts Receivable and Billing Operations Manager (link) — United States (remote). Posted 2026-07-01.
  • GitLab — Incentive Compensation Manager (link) — Remote, Singapore; Remote, US. Posted 2026-07-01.
  • Logz.io — Account Executive – New Business (link) — Boston, MA. Posted 2026-07-01.
  • Acceldata — Manager, Deal Desk (link) — United States. Posted 2026-07-01.
  • Acceldata — Senior Manager, Sales Enablement (link) — United States. Posted 2026-07-01.
  • JetBrains — QA Performance Engineer (YouTrack) (link) — Munich, Germany. Posted 2026-06-30.
  • NetBox Labs — Sales Development Representative (link) — UK Remote. Posted 2026-06-30.
  • LangChain — Software Engineering Manager, Database (SmithDB) (link) — San Francisco, CA. Posted 2026-06-30.
  • Redis — Manager, GTM Systems Engineering (link) — United States. Posted 2026-06-30.
  • Chainguard — Solutions Architect - Commercial (link) — United States - Remote. Posted 2026-06-30.
  • GitLab — Senior Solutions Architect (link) — Remote, United Kingdom. Posted 2026-06-30.
  • GitLab — Solutions Architect (link) — Remote, United Kingdom. Posted 2026-06-30.
  • GitLab — Global Sales Development Operations Senior Associate (link) — Remote, Germany; Remote, Ireland; Remote, Netherlands; Remote, United Kingdom. Posted 2026-06-30.
  • n8n — Enterprise Account Executive (link) — London Office. Posted 2026-06-30.
  • Acceldata — Technology Alliances Manager – Storage Alliances (link) — United States. Posted 2026-06-30.
  • Airbyte — Engineering Manager, Platform - Hiring Sprint (link) — San Francisco. Posted 2026-06-30.
  • LangChain — Enterprise Account Executive (UK) (link) — London. Posted 2026-06-30.
  • Grafana Labs — Senior Finance Analytics Manager | United States | Remote (link) — United States (Remote). Posted 2026-06-30.
  • Tailscale — Windows Engineer (link) — Remote (United States). Posted 2026-06-30.
  • Tailscale — Windows Engineer (link) — Remote (Canada). Posted 2026-06-30.
  • Chainguard — Executive Business Partner, Revenue (GVP Americas & GVP International) (link) — New York - Remote. Posted 2026-06-30.
  • CloudLinux — Enterprise Account Executive (remote-only Europe) (link) — Remote (Europe). Posted 2026-06-30.
  • Corelight — Lead Software Engineer - Applications (link) — North America. Posted 2026-06-30.
  • Corelight — Senior Legal Counsel (link) — North America. Posted 2026-07-06.
  • Black Duck Software — DevOps Engineer 2 (Intermediate) (link) — Calgary, AB. Posted 2026-07-03.
  • Black Duck Software — Senior Vulnerability Manager (link) — Belfast. Posted 2026-07-03.
  • Black Duck Software — Senior Engineer, DevOps (link) — Belfast. Posted 2026-07-03.
  • Black Duck Software — Lead Product Owner (Q2F) East Coast (link) — Grand Toronto Area (East Coast). Posted 2026-07-02.
  • Sonatype — Channel Partner Manager (link) — UK - Remote. Posted 2026-07-02.
  • Black Duck Software — Lead Product Owner (Q2F) (link) — Burlington, MA. Posted 2026-07-02.
  • Mattermost — GRC Manager (link) — United States. Posted 2026-07-02.
  • Redis — Senior Commercial Counsel (link) — London, England. Posted 2026-07-02.
  • Redis — Senior Commercial Counsel (link) — United States. Posted 2026-07-02.
  • Black Duck Software — Application Security Engineer (West Coast) (link) — California, Oregon, Washington (Remote). Posted 2026-07-01.
  • Black Duck Software — Application Security Engineer (East Coast) (link) — Burlington, MA. Posted 2026-07-01.
  • Black Duck Software — Senior Program Manager (link) — US Remote or Hybrid. Posted 2026-07-01.
  • Black Duck Software — Senior Director, Enterprise Sales - New Logo (NAMER) (link) — United States (Remote). Posted 2026-06-30.
  • Black Duck Software — Software Engineer 3 (link) — Bangalore. Posted 2026-06-30.
  • GitLab — Senior Manager, Security Compliance (link) — Remote, US. Posted 2026-06-30.
  • Perforce — Corporate Counsel (link) — Minneapolis, MN. Posted 2026-06-30.
  • newsletter
  • funding
  • open source
  • governance
  • ai
  • security
  • licensing
  • foundations
  • sustainability
  • jobs