Grant Summary to Security Ramifications of Open Source Software
Study of Security Ramifications of Open-Source Software and Areas of Targeted Intervention
Submitted by Isha Suri on September 23, 2022
Through this research we sought to answer the following key questions:
- What is the level of awareness among software developers, product managers, and other technical decision-makers of the security ramifications to software applications they build through the pervasive use of open-source software in modern software supply chains? and
- Where can systemic interventions to the OSS ecosystem be targeted to collectively improve the security of what has become a globally shared critical resource?
Our research activities have been synthesized into the following two publications:
- A technical report/academic paper that details the findings of our vulnerability analysis and identifies and describes ecosystem-wide weaknesses and emerging solutions. This has been written with a view to serve as an evidence base for groups that are working on implementing the solutions and help guide the community towards systemic changes to the tooling and processes that govern the development, deployment, and delivery of OSS components.
- A report on the perceptions of decision-makers towards OSS security. We believe that empirically grounded research, with a clear, concise framing of the implications of vulnerabilities of OSS for cybersecurity compared to how it is viewed in reality can shift its perception from an obvious efficiency measure to a carefully considered resource.
Both the reports have been completed and will be published soon.
Total amount $27,790.00
Paid from Fiscal Host
OpenCollective Foundation 501(c)(3) (Open Collective Foundation)
440 N. Barranca Avenue, #3717 Covina, CA 91723
Open Collective Foundation
Our payouts are processed twice a week. We will endeavor to pay within 7 days of an expense being approved by the admin of the Collective. provided all required information is included and correct. We can usually turn payments around sooner, but can’t guarantee that and don’t want to set that expectation. We make payments via Bank Transfer, and can only make payouts to countries served by our payment processor, Wise. You are not required to upload an invoice document (the data you submit in the expense form is sufficient) but if you would like to include an uploaded invoice, please make it out to: Collective name, Open Collective Foundation, 440 N. Barranca Avenue #3717, Covina, CA 91723 USA. OCF cannot reimburse EBT payments.
How do I get paid from a Collective?
Submit an expense and provide your payment information.
How are expenses approved?
Collective admins are notified when an expense is submitted, and they can approve or reject it.
Is my private data made public?
No. Only the expense amount and description are public. Attachments, payment info, emails and addresses are only visible to you and the admins.
When will I get paid?
Payments are processed by the Collective's Fiscal Host, the organization that hold funds on their behalf. Many Fiscal Hosts pay expenses weekly, but each one is different.
Why do you need my legal name?
The display name is public and the legal name is private, appearing on receipts, invoices, and other official documentation used for tax and accounting purposes.
Open Collective Foundation