Open Source Sustainability Initiative

The Commonhaus Foundation Open Source Sustainability Initiative (OSSI) recognizes organizations that take responsibility for the security and stability of open source software beyond its end-of-life (EOL). For organizations that depend on EOL software but cannot yet upgrade, OSSI partners provide continued security support and compatibility fixes.

Explore our partners below, or learn more about the initiative and how to join.

Coming soon 🚀

About the Initiative

Legacy codebases, compliance requirements, and complex dependency chains can make immediate upgrades impractical. Our OSSI partners bridge that gap, providing ongoing support for EOL software so that project maintainers can focus on what's next.

Commonhaus projects are expected to clearly identify end-of-life and unsupported releases and link to this initiative as a resource for users seeking continued support.

Partner commitments

Each OSSI partner determines which software and versions it supports. Inclusion in OSSI does not mean that every partner supports every Commonhaus project or every EOL release.

For the software a partner does support, you can expect them to:

• identify, triage, and remediate security vulnerabilities in EOL software;
• deliver security and compatibility fixes to users who cannot yet upgrade;
• coordinate vulnerability disclosure with Commonhaus projects and upstream maintainers.

Joining the Initiative

Participation is open to organizations that meet all of the following requirements:

• Active Gold or Silver annual sponsorship of the Commonhaus Foundation;
• Current SOC 2 Type 1 and Type 2 certification(s);
• Substantive prior work on at least two (2) CVEs affecting EOL open source software relevant to Commonhaus projects, including remediation, coordinated disclosure, or delivery of fixes; and
• Commitment to supporting the EOL software they cover and coordinating responsible CVE disclosure with project maintainers to minimize the window of unpatched vulnerability exposure.

To apply, see our sponsorship tiers and benefits, the OSSI sponsorship addendum and contact us at sponsors@commonhaus.org.

Governance and independence

OSSI operates within the Commonhaus Foundation's existing governance structure. Participation does not grant governance rights, authority over project roadmaps or technical direction, or endorsement beyond inclusion in this initiative. Foundation governance and project stewardship remain defined by the bylaws and policies.

Services listed here are provided by the named partners directly, not by the Commonhaus Foundation. Each partner determines the specific software they support — the Foundation makes no guarantees about coverage or availability. Use of Commonhaus project names and logos must comply with Foundation trademark guidelines.