Grant #96984 to Security Ramifications of Open Source Software
Study of Security Ramifications of Open-Source Software and Areas of Targeted Intervention
Paid
Grant #96984
Submitted by Isha Suri on September 23, 2022
Request Details
Through this research we sought to answer the following key questions:
- What is the level of awareness among software developers, product managers, and other technical decision-makers of the security ramifications to software applications they build through the pervasive use of open-source software in modern software supply chains? and
- Where can systemic interventions to the OSS ecosystem be targeted to collectively improve the security of what has become a globally shared critical resource?
Our research activities have been synthesized into the following two publications:
- A technical report/academic paper that details the findings of our vulnerability analysis and identifies and describes ecosystem-wide weaknesses and emerging solutions. This has been written with a view to serve as an evidence base for groups that are working on implementing the solutions and help guide the community towards systemic changes to the tooling and processes that govern the development, deployment, and delivery of OSS components.
- A report on the perceptions of decision-makers towards OSS security. We believe that empirically grounded research, with a clear, concise framing of the implications of vulnerabilities of OSS for cybersecurity compared to how it is viewed in reality can shift its perception from an obvious efficiency measure to a carefully considered resource.
Both the reports have been completed and will be published soon.
$27,790.00 USD
Total amount $27,790.00
payout method
Bank account
Details
********By Isha Surion
Expense created
By Richard Littaueron
Expense approved
By Alina Mankoon
Expense marked as incomplete
By Pia Mancinion
Expense approved
By Pia Mancinion
Expense processing
Project balance
Expense policies
Expense policies
Our payouts are processed twice a week. We endeavor to pay within 7 days of an expense being approved by the admin of the Collective, provided all required information is included and correct. We make payments via ACH bank transfer and can only make payouts to countries served by our payment processor, Wise. You are not required to upload an invoice document as the data you submit in the expense form is sufficient. If you want to include an uploaded invoice, please make it out to Collective name, Open Collective Foundation, 440 N. Barranca Avenue #3717, Covina, CA 91723 USA. OCF cannot reimburse payments made via electronic benefits transfer (EBT).
FAQ
How do I get paid from a Collective?
Submit an expense and provide your payment information.
How are expenses approved?
Collective admins are notified when an expense is submitted, and they can approve or reject it.
Is my private data made public?
No. Only the expense amount and description are public. Attachments, payment info, emails and addresses are only visible to you and the admins.
When will I get paid?
Payments are processed by the Collective's Fiscal Host, the organization that hold funds on their behalf. Many Fiscal Hosts pay expenses weekly, but each one is different.
Why do you need my legal name?
The display name is public and the legal name is private, appearing on receipts, invoices, and other official documentation used for tax and accounting purposes.
Project balance
Fiscal Host:
Open Collective Foundation