Vulnerabilities in an open-source product (software and non-software) and/or its continuous development, maintenance, integration, and deployment infrastructure can potentially be exploited to attack any user (human, organization, and/or another product/entity) of the product and/or its derivations. To respond quickly to the growing threats to the safety, security, and privacy of open-source ecosystems (OSEs), NSF is launching the Safety, Security, and Privacy of Open-source Ecosystems (Safe-OSE) program.
This program seeks to fund impactful, mature open-source ecosystems to address important classes of safety, security, and privacy vulnerabilities. In this context, mature signifies that the ecosystem in question has already established a robust community of contributors, an extensive group of users, a managing organization that steers the development of the product, and the essential infrastructure needed to keep the ecosystem running.
Unlike NSF's Dear Colleague Letter inviting proposals related to open-source software security (NSF 23-149), which focuses on fundamental cybersecurity research, the Safe-OSE program solicits proposals from OSEs to address safety, security, and/or privacy vulnerabilities proactively in existing, mature OSEs. These vulnerabilities can be technical (e.g., vulnerabilities in code, side-channels potentially disclosing sensitive information) and/or socio-technical (e.g., supply chain issues, insider threats, biases, and social engineering), as long as they are deemed significant in the context of the OSE. The goal of the Safe-OSE program is to catalyze meaningful improvements in the safety, security, and privacy of the targeted OSE that the managing organization does not currently have the resources to undertake. The program especially focuses on efforts in which enhancing the safety, security, and privacy of the OSE will lead to demonstrable improvement in its positive societal and economic impacts.
Anticipated Type of Award: Cooperative Agreement
Anticipated Funding: Each award will be for 24 months. The budget for Year 1 should be up to a maximum of $500,000 and the budget for Year 2 should be up to a maximum of $1,000,000, for a total budget of up to $1,500,000 per award.
Cost Sharing Requirements: Inclusion of voluntary committed cost sharing is prohibited.