The National Science Foundation has awarded up to $12 million to eight research teams through the recently launched Safety, Security and Privacy of Open-Source Ecosystems, or Safe-OSE, investment.
NSF said Monday the initial cohort will address critical vulnerabilities in open-source software and its deployment pipelines, including code flaws, side-channel exploits and supply chain threats.
“Vulnerabilities in an open-source product can be exploited to attack users of the product. NSF is pleased to be investing in this portfolio to address critical risks before they can happen,” said Erwin Gianchandani, NSF assistant director for technology, innovation and partnerships.
Safe-OSE Awardees
Each project will receive up to $1.5 million over two years to bolster the resilience of critical open-source products and their continuous integration and deployment infrastructure. The teams will focus on fortifying systems used in artificial intelligence for cloud computing, medical records, national security, privacy infrastructure and other applications.
Awardees and their projects are:
- The HDF Group: Enhance HDF5 to boost support for science, industry and national security.
- Indiana University: Use AI to manage vulnerabilities and strengthen security in open-source cloud systems.
- Indiana University: Build a secure community infrastructure for the Open Medical Records System.
- The Tor Project: Strengthen privacy infrastructure to keep communications secure and anonymous.
- University of Colorado Boulder: Enhance safety, security and privacy in the Community Earth System Model.
- University of Colorado at Colorado Springs: Boost security in the TianoCore software ecosystem.
- University of Virginia: Enhance the Tock embedded operating system’s security to protect trusted computing systems.
- University of Wisconsin-Madison: Create scalable approaches to detect inconsistencies between Git commit messages and source code in open-source projects.
Related Articles
Defense Secretary Pete Hegseth, a 2025 Wash100 Award recipient, has unveiled new directives aimed at reshaping the culture and standards of the Department of Defense during a 45-minute address to senior military leaders at Quantico, Virginia. Hegseth outlined reforms that he said will restore focus on warfighter readiness, discipline and leadership, DOD said Tuesday. “The topic today is about the nature of ourselves because no plan, no program, no reform [and] no formation will ultimately succeed unless we have the right people and the right culture at the Department of War,” Hegseth told the audience, underscoring his view that the
Zachary Terrell has been named chief technology officer of the Department of Health and Human Services, FedScoop reported Monday. Three anonymous officials confirmed his designation, which aligns with HHS’ broader restructuring of its technology operations under Secretary Robert Kennedy Jr. This effort includes consolidating IT offices and implementing ChatGPT department-wide, highlighted by an OpenAI agreement with the General Services Administration to provide agencies with ChatGPT access for $1 each over the next year. DOGE Background and NSF Involvement Terrell previously held a role related to the Department of Government Efficiency at HHS and the National Science Foundation, where he was involved
The Department of the Air Force has issued a new memorandum that classifies software as a service as a commodity-based subscription service rather than a licensed software asset. In a LinkedIn post, the DAF chief information officer said the policy change shifts the department’s focus to usage, consumption and performance, unlocking real-time visibility into SaaS utilization, centralized procurement and cost control, stronger alignment with zero trust and data ownership mandates, and reduced sustainment burden on the workforce. Unlike traditional licenses, which grants ownership of the product, SaaS provides only access to applications. That distinction, according to the memo, makes it