U.S. Open-Source Software Security Initiative Workshop
Georgia Tech Research Corporation, Atlanta GA
Investigators
Abstract
This project is supporting a virtual workshop to examine ways to improve the security of the open-source software ecosystem. This is an invitation-only workshop focusing on four core topic areas: (1) Developers' Perception of Trust & Safety; (2) Memory-Safe Programming Languages; (3) Software Dependency Management; and (4) Behavioral and Economic Incentives to Secure Open-Source Software. The workshop consists of a combination of invited talks, panels, and technical breakaway sessions. The project's novelty is in bringing together stakeholders from the U.S. Government, academia, private sector, and the open-source software community, and examining both the technical and incentive aspects in tandem. To our knowledge, such an initiative has not been undertaken, at least in the last 20 years. The broader significance and importance of the project are to benefit the United States by investing in the shared open-source software infrastructure that the public and private sectors both rely on and addressing challenges spanning the global software community. The workshop is in direct support of the U.S. Open-Source Security Initiative “Enhance and Invest in Secure and Transparent OSS Development”, led by the White House Office of Management and Budget, which addresses the White House Executive Order 14028 on improving the nation's cybersecurity. The workshop is designed to generate ideas and broad discussion around possible approaches to invest in the security of open-source software. One concrete output of the project is a report summarizing findings and recommendations on making progress on these four topic areas. These recommendations may cover USG Research and Development (R&D) investment (including potentially a grand challenge prize), acquisition practices, policy and legal issues, and other mechanisms through which open-source software security may be improved.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.