NSF Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) 2025
| To: | Chairs and Administrators, Departments in the Biological, Physical, and Social Sciences; Associate Deans for Research; College/School Research Administrators |
| From: | Office of the Vice Chancellor for Research |
| Date: | September 26, 2024 |
| Subject: | NSF Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE): NSF 24-608 |
Deadline
| Deadline for Internal Review: | October 30, 2024 |
Project Description
Vulnerabilities in an open-source product and/or its continuous development, integration and deployment infrastructure can potentially be exploited to attack any user (human, organization, and/or another product/entity) of the product. To respond to the growing threats to the safety, security, and privacy of open-source ecosystems (OSEs), NSF is launching the Safety, Security, and Privacy for Open-Source Ecosystems (Safe-OSE) program. This program solicits proposals from OSEs, including those not originally funded by NSF’s Pathways to Enable Open-Source Ecosystems (POSE) program, to address significant safety, security, and/or privacy vulnerabilities, both technical (e.g., vulnerabilities in code and side-channels) and socio-technical (e.g., supply chain, insider threats, and social engineering).
Although most open-source products are software-based, it is important to note that Safe-OSE applies to any type of OSE, including those based on scientific methodologies, models, and processes; manufacturing processes and process specifications; materials formulations; programming languages and formats; hardware instruction sets; system designs or specifications; and data platforms. The goal of the Safe-OSE program is to catalyze meaningful improvements in the safety, security, and privacy of the targeted OSE that the OSE does not currently have the resources to undertake. Funds from this program should be directed toward efforts to enhance the safety, security, and privacy characteristics of the open-source product and its supply chain as well as to bolster the ecosystem’s capabilities for managing current and future risks, attacks, breaches, and responses.
Amount per award: $1,500,000
Duration of award: 24 months
Number of awards: 10
Eligibility
UW-Madison may submit up to two preliminary proposals as the lead organization.
Website
The following link contains additional information on the program and specific application instructions:
https://new.nsf.gov/funding/opportunities/safe-ose-safety-security-privacy-open-source-ecosystems/nsf24-608/solicitation
Internal Competition Application Instructions
Applications for Internal Review
To submit your application, attach a single PDF to an email to: grants@research.wisc.edu
Please include the following information:
- Cover Page including name, title, contact information, and list of potential collaborators from end-user organizations (minimum of three and up to five)
- Research project summary of no more than 5 pages addressing the following:
- Describe the current status of the targeted OSE and provide pointers to the OSE managing organization and the public repositories for the open-source product.
- Describe the national/societal/economic impacts of the OSE.
- Articulate the targeted classes of safety, security, and/or privacy vulnerabilities to be addressed and the broader impacts of addressing them. Discuss, as appropriate, the potential attacks that could take advantage of these vulnerabilities.
- Briefly describe a development plan to address these vulnerabilities.
- Briefly describe an evaluation plan to assess the efficacy of the work.
Sponsor Deadlines
Preliminary Proposal are due to National Science Foundation by January 14, 2025. Applications are due to National Science Foundation by April 22, 2025.
Questions?
Contact grants@research.wisc.edu.