Alpha-Omega (AO) is an associated project of the OpenSSF, established in February 2022. Its mission is to protect society by catalyzing sustainable security improvements to the most critical open source software projects and ecosystems.
FreeBSD is the most commonly used BSD-derived operating system. It is a complete system, delivering a kernel, device drivers, userland utilities, and documentation. Much of its codebase has become an integral part of popular and critical products and services globally.
FreeBSD was granted funding by AO, under the "Beach Cleaning Project" umbrella, for the purpose of improving the security and maintenance of third-party software within the FreeBSD base system.
The objectives of this project include:
- Establishing a list of the different dependencies in the base system,
- Assessing the corresponding security risk and posture,
- Integrating tools for open source intelligence, (e.g., from ecosyste.ms)
- Assigning priorities for the components most at risk,
- Formalizing their respective owners in the FreeBSD project,
- Fixing, forking, or foregoing components and vulnerabilities.
The current timeline is set as follows:
| Phase | Start date | End date | Status | Notes |
|---|---|---|---|---|
| Inventory of dependencies | 25/08/2025 | 07/09/2025 | Done | Deliverable |
| Security risk assessments | 08/09/2025 | 21/09/2025 | Done | Deliverable |
| Propose list of priorities | 22/09/2025 | 28/09/2025 | In progress | Continuous review and adjustments |
| Plan the respective actions | 29/09/2025 | 26/10/2025 | Coordination with the owners | |
| Formalize code owners | 27/10/2025 | 30/11/2025 | Deliverable | |
| Integrate review methodologies | continuous | See 1 | ||
| Plan execution & coordination | continuous | |||
| Final report | 09/03/2026 | 30/03/2026 |
Monthly reports are submitted to the Alpha-Omega project: