Open Collective
Open Collective

Grant #96984 to Security Ramifications of Open Source Software

Study of Security Ramifications of Open-Source Software and Areas of Targeted Intervention

Grant #96984

Submitted by Isha Suri on September 23, 2022

Request Details
Through this research we sought to answer the following key questions:
  • What is the level of awareness among software developers, product managers, and other technical decision-makers of the security ramifications to software applications they build through the pervasive use of open-source software in modern software supply chains? and 
  • Where can systemic interventions to the OSS ecosystem be targeted to collectively improve the security of what has become a globally shared critical resource? 
Our research activities have been synthesized into the following two publications:
  • A technical report/academic paper that details the findings of our vulnerability analysis and identifies and describes ecosystem-wide weaknesses and emerging solutions. This has been written with a view to serve as an evidence base for groups that are working on implementing the solutions and help guide the community towards systemic changes to the tooling and processes that govern the development, deployment, and delivery of OSS components. 
  •  A report on the perceptions of decision-makers towards OSS security. We believe that empirically grounded research, with a clear, concise framing of the implications of vulnerabilities of OSS for cybersecurity compared to how it is viewed in reality can shift its perception from an obvious efficiency measure to a carefully considered resource.
Both the reports have been completed and will be published soon. 


$27,790.00 USD

Total amount $27,790.00

By Isha Surion

Expense created

By Richard Littaueron

Expense approved

By Alina Mankoon

Expense marked as incomplete

By Pia Mancinion

Expense approved

By Pia Mancinion

Expense processing

By Pia Mancinion

Expense paid

$27,790.39 - $0.39 (payment processor fee)

Project balance
$89.61 USD

Fiscal Host
Open Collective Foundation

Expense policies

Our payouts are processed twice a week. We endeavor to pay within 7 days of an expense being approved by the admin of the Collective, provided all required information is included and correct. We make payments via ACH bank transfer and can only make payouts to countries served by our payment processor, Wise. You are not required to upload an invoice document as the data you submit in the expense form is sufficient. If you want to include an uploaded invoice, please make it out to Collective name, Open Collective Foundation, 440 N. Barranca Avenue #3717, Covina, CA 91723 USA.  OCF cannot reimburse payments made via electronic benefits transfer (EBT).


How do I get paid from a Collective?
Submit an expense and provide your payment information.
How are expenses approved?
Collective admins are notified when an expense is submitted, and they can approve or reject it.
Is my private data made public?
No. Only the expense amount and description are public. Attachments, payment info, emails and addresses are only visible to you and the admins.
When will I get paid?
Payments are processed by the Collective's Fiscal Host, the organization that hold funds on their behalf. Many Fiscal Hosts pay expenses weekly, but each one is different.
Why do you need my legal name?
The display name is public and the legal name is private, appearing on receipts, invoices, and other official documentation used for tax and accounting purposes.

Project balance