The Eclipse Foundation Launches Open VSX Security Researcher Recognition Program to Strengthen Supply Chain Security
Initiative supports responsible disclosure by the global security research community to protect critical open source developer infrastructure
BRUSSELS, April 14, 2026 (GLOBE NEWSWIRE) -- The Eclipse Foundation today announced the Open VSX Security Researcher Recognition Program, a new initiative designed to strengthen the security of the Open VSX Registry by encouraging responsible vulnerability disclosure and recognising contributions from the global security research community.
The program establishes a clear, ethical pathway for reporting security vulnerabilities affecting Open VSX, while formally acknowledging individuals and organisations who help improve the security, integrity, and trust of the ecosystem.
The announcement follows the significant momentum and continued growth of the Open VSX Registry, which recently surpassed 300 million monthly downloads and has become critical infrastructure for AI-native IDEs, cloud development environments, and VS Code-compatible platforms used by millions of developers worldwide.
“Open VSX is critical infrastructure for modern developer platforms, making it an increasingly attractive target for bad actors and reinforcing the need for proactive risk mitigation,” said Mike Milinkovich, Executive Director of the Eclipse Foundation. “As adoption accelerates and the threat landscape becomes more sophisticated, responsible security research is essential. This program creates a clear path for researchers to collaborate with us and be recognised for protecting the ecosystem.”
Strengthening supply chain security through responsible disclosure
As extension registries play an increasingly central role in modern software development, they have also become part of the active threat landscape of the software supply chain. Attackers have demonstrated the ability to exploit extension ecosystems to distribute malicious code, compromise development environments, and access sensitive data.
The Open VSX Registry has introduced a range of proactive security measures to address these risks, including pre-publication verification, detection of malicious patterns, and infrastructure enhancements to improve resilience and trust.
The Security Researcher Recognition Program builds on these efforts by:
- Encouraging early, responsible disclosure of vulnerabilities
- Providing a direct and transparent reporting process
- Supporting coordinated remediation with maintainers and stakeholders
- Strengthening collaboration with the global security research community
- Publicly recognizing impactful contributions
Recognition-based model to support the security researcher community
The Open VSX Security Researcher Recognition Program is designed to complement existing security practices by focusing on recognition, transparency, and collaboration, rather than financial incentives.
Eligible contributors may receive:
- Public recognition in the Open VSX Security Hall of Fame
- Shareable digital badges and certificates of recognition
- Swag rewards based on impact and contribution level
Recognition is based on the impact of the finding, the quality of the report, and adherence to responsible disclosure practices.
The program is open to independent researchers, academic institutions, security consultancies, open source contributors, and developers who identify real-world risks in the Open VSX ecosystem.
Supporting trusted, open developer infrastructure
Open VSX is a vendor-neutral extension registry governed under the Eclipse Foundation, supporting a rapidly expanding ecosystem of developer tools and platforms. As reliance on extension ecosystems grows, maintaining trust requires both technical safeguards and active community participation.
The program reinforces the Eclipse Foundation’s broader commitment to advancing:
- Software supply chain security
- Transparent, vendor-neutral governance
- Long-term sustainability of open source infrastructure
How to participate
Security researchers, developers, and community members are invited to help strengthen the security and trust of the Open VSX ecosystem. The Open VSX Researcher Recognition Program provides a clear pathway for responsible vulnerability disclosure, along with opportunities to contribute more broadly to the project and community.
- Learn more about the program
- Report a vulnerability
- Contribute to the Open VSX project
- Join the Open VSX community
About the Open VSX Registry
The Open VSX Registry is the open, vendor-neutral extension registry for tools built on the VS Code™ extension API. Governed transparently under the Eclipse Foundation, it provides developers, publishers, and platform builders with a trusted open alternative to proprietary extension marketplaces. Because Eclipse Open VSX is open source and self-hostable, organisations may also deploy their own internal registry implementations as needed. Developers can contribute to the ongoing security, resilience, and evolution of Open VSX via the project repository.
About the Eclipse Foundation
The Eclipse Foundation provides a global community of individuals and organisations with a vendor-neutral, business-friendly environment for open source collaboration and innovation. We host Adoptium, the Eclipse IDE, Jakarta EE, Open VSX, Software Defined Vehicle, and more than 400 high-impact open source projects. Headquartered in Brussels, Belgium, we are an international non-profit association supported by over 300 members. Our events, including Open Community Experience (OCX), bring together developers, industry leaders, and researchers from around the world. To learn more, follow us on X and LinkedIn, or visit eclipse.org.
Media contacts:
Schwartz Public Relations (Germany)
Julia Rauch/Marita Bäumer
Sendlinger Straße 42A
80331 Munich
EclipseFoundation@schwartzpr.de
+49 (89) 211 871 -70/ -62
514 Media Ltd (France, Italy, Spain)
Benoit Simoneau
benoit@514-media.com
M: +44 (0) 7891 920 370
Nichols Communications (Global Press Contact)
Jay Nichols
jay@nicholscomm.com
+1 408-772-1551
