Safety, Security, and Privacy of Open-Source Ecosystems
U.S. National Science Foundation
Who can apply
*Who May Submit Proposals: Proposals may only be submitted by the following: -For-profit organizations: U.S.-based commercial organizations, including small businesses, with strong capabilities in scientific or engineering research or education and a passion for innovation. -Non-profit, non-academic organizations: Independent museums, observatories, research laboratories, professional societies and similar organizations located in the U.S. that are directly associated with educational or research activities. -State and Local Governments -Tribal Nations: An American Indian or Alaska Native tribe, band, nation, pueblo, village, or community that the Secretary of the Interior acknowledges as a federally recognized tribe pursuant to the Federally Recognized Indian Tribe List Act of 1994, 25 U.S.C. §§ 5130-5131. - Institutions of Higher Education (IHEs) - Two- and four-year IHEs (including community colleges) accredited in, and having a campus located in the US, acting on behalf of their faculty members. *Who May Serve as PI: For Institutions of Higher Education: By the submission deadline, any PI, co-PI, or other Senior/Key Personnel must hold either: <ul> <li>a tenured or tenure-track position, or</li> <li>a primary, full-time, paid appointment in a research or teaching position, or</li> <li>a staff leadership role in an Open-Source Program Office or equivalent position</li> </ul> at a U.S.-based campus of an Institution of Higher Education (see above), with exceptions granted for family or medical leave, as determined by the submitting institution. Individuals with primary appointments at overseas branch campuses of U.S. institutions of higher education are not eligible.Researchers from foreign academic institutions who contribute essential expertise to the project may participate as Senior/Key Personnel or collaborators but may not receive NSF support. For all other eligible proposing organizations: The PI must be an employee of the proposing organization who is normally resident in the US and must be acting as an employee of the proposing organization while performing PI responsibilities. The PI may perform the PI responsibilities while temporarily out of the U.S. Individuals withprimaryappointments atnon-U.S.basednon-profit ornon-U.S.basedfor-profit organizations are not eligible.
About this opportunity
Vulnerabilities in an open-source product and/or its continuous development, integration and deployment infrastructure can potentially be exploited to attack any user (human, organization, and/or another product/entity) of the product. To respond to the growing threats to the safety, security, and privacy of open-source ecosystems (OSEs), NSF is launching theSafety, Security, and Privacy for Open-Source Ecosystems(Safe-OSE) program. This program solicits proposals from OSEs, including those not originally funded by NSF’s Pathways to Enable Open-Source Ecosystems (POSE) program, to address significant safety, security, and/or privacy vulnerabilities, both technical (e.g., vulnerabilities in code and side-channels) and socio-technical (e.g., supply chain, insider threats). Although mos...