Recipient: Divyank Katira (Centre for Internet & Society in Bangalore)

How do technical decision-makers assess the security ramifications of open source software components before adopting them in their projects and where can systemic interventions to the FOSS ecosystem be targeted to collectively improve its security?

Description: Security is a critical part of the often overlooked area of open source software maintenance. While the benefits of FOSS are well recognized, there is no widespread understanding of the security tradeoffs of pervasive software reuse. This project will use a mix of qualitative research to examine attitudes of technical decision-makers towards the security of FOSS components, and empirical analysis to study their security failures at an infrastructural level to identify and proactively respond to systemic issues in the FOSS ecosystem that underpin these failures.