Sept. 30, 2025 — The U.S. National Science Foundation announced the first-ever Safety, Security, and Privacy of Open-Source Ecosystems (NSF Safe-OSE) investment in an inaugural cohort of 8 teams. This investment focuses on vulnerabilities in open-source products and/or their continuous integration and deployment infrastructure. The portfolio addresses a broad range of challenges, from code vulnerabilities and side-channel attacks to supply-chain and insider threats.
Each project received up to $1.5 million for up to two years to catalyze meaningful improvements and efforts that these ecosystems often lack the resources to undertake. Researchers will improve and bolster the resiliency of ecosystems in areas like artificial intelligence for cloud computing, medical records, national security, critical privacy infrastructure and many other important applications.
The NSF Safe-OSE program aims to strengthen the ecosystem’s capacity to manage current and future risks, attacks, breaches and responses.
“Vulnerabilities in an open-source product can be exploited to attack users of the product,” said Erwin Gianchandani, NSF assistant director for Technology, Innovation and Partnerships (NSF TIP). “NSF is pleased to be investing in this portfolio to address critical risks before they can happen.”
NSF requested that applicants submit a preliminary proposal. A full proposal was invited if the preliminary proposal was determined to be a good fit. The Safe-OSE program grows out of the NSF TIP Directorate Pathways to Enable Open-Source Ecosystems program, a relatively new and ongoing initiative to invest in new managing organizations catalyzing the distributed, community-driven development and growth of open-source ecosystems.
Safe-OSE Awardees
The HDF Group: Strengthening HDF5 to better serve science, industry and national security applications.
Indiana University: Implementing AI-enabled vulnerability management practices to enhance the safety and security of open-source cloud computing ecosystems.
Indiana University: Cultivating a security-focused community infrastructure for the Open Medical Records System (OpenMRS).
The Tor Project: Advancing critical privacy infrastructure to ensure secure and anonymous communication.
University of Colorado Boulder: Enhancing safety, security and privacy across the Community Earth System Model (CESM) ecosystem.
University of Colorado at Colorado Springs: Improving the security posture of the TianoCore ecosystem.
University of Virginia: Safeguarding trusted computing systems by improving the security of the Tock secure embedded operating system.
University of Wisconsin-Madison: Developing scalable methods to detect inconsistencies between Git commit messages and source code in open-source projects.
About NSF TIP
The NSF Directorate for Technology, Innovation and Partnerships (NSF TIP) seeks to engage all Americans in accelerating critical and emerging technologies to advance U.S. competitiveness. The directorate partners across sectors to advance three primary focus areas — accelerating technology translation and development, fostering regional innovation and economic growth, and preparing the American workforce for better-quality, higher-wage jobs. For more information about NSF TIP, visit nsf.gov/tip/latest.
Source: NSF