Open Collective

Grant #96984 to Security Ramifications of Open Source Software

Study of Security Ramifications of Open-Source Software and Areas of Targeted Intervention

Paid

Submitted by Isha Suri
Approved by Richard Littauer

Sep 23, 2022

Request Details
 
Through this research we sought to answer the following key questions:
  • What is the level of awareness among software developers, product managers, and other technical decision-makers of the security ramifications to software applications they build through the pervasive use of open-source software in modern software supply chains? and 
  • Where can systemic interventions to the OSS ecosystem be targeted to collectively improve the security of what has become a globally shared critical resource? 
Our research activities have been synthesized into the following two publications:
  • A technical report/academic paper that details the findings of our vulnerability analysis and identifies and describes ecosystem-wide weaknesses and emerging solutions. This has been written with a view to serve as an evidence base for groups that are working on implementing the solutions and help guide the community towards systemic changes to the tooling and processes that govern the development, deployment, and delivery of OSS components. 
  • A report on the perceptions of decision-makers towards OSS security. We believe that empirically grounded research, with a clear, concise framing of the implications of vulnerabilities of OSS for cybersecurity compared to how it is viewed in reality can shift its perception from an obvious efficiency measure to a carefully considered resource.
Both the reports have been completed and will be published soon. 


 
$27,790.00 USD

Total amount $27,790.00 USD

Additional Information

By Isha Suri: Expense created
By Richard Littauer: Expense approved
By Alina Manko: Expense marked as incomplete
By Pia Mancini: Expense approved
By Pia Mancini: Expense processing
By Pia Mancini: Expense paid
Expense Amount: $27,790.00
Payment Processor Fee (paid by Security Ramifications of Open Source Software): $0.39
Net Amount for Security Ramifications of Open Source Software: $27,790.39

Expense policies

Our payouts are processed twice a week. We endeavor to pay within 7 business days of an expense being approved by the admin of the Collective, provided all required information is included and correct. We make payments via ACH bank transfer and can only make payouts to countries served by our payment processor, Wise.  OCF requires the profile name and the name in the payout method to match. 
 
For Reimbursements:
A good receipt will have:
  • Vendor or Company Name, 
  • Date, 
  • Itemized list of transactions,
  • Method of payment, 
  • Picture should show the whole receipt - including the total at the bottom

Partial requests are ok. (You may request under the total amount from receipt, but NOT over.)

OCF cannot reimburse payments made via electronic benefits transfer (EBT), any car/large asset purchases, or for car repairs.

If requesting reimbursement for a bill payment or invoice, please upload a copy of the [water/ heat/etc.] bill that this payment has been applied to and a copy of the receipt or proof of payment, if not already provided in the copy of the bill.
 
For Invoices:
Please include detailed information in the Description of the work done. For example, instead of writing "Admin Support", please write "Administrative, research, and meeting support".

You are not required to upload an invoice document, as the data you submit in the expense form is sufficient. If you want to include an uploaded invoice, please make it out to Collective name, Open Collective Foundation, 440 N. Barranca Avenue #3717, Covina, CA 91723 USA 

FAQ

How do I get paid from a Collective?
Submit an expense and provide your payment information.
How are expenses approved?
Collective admins are notified when an expense is submitted, and they can approve or reject it.
Is my private data made public?
No. Only the expense amount and description are public. Attachments, payment info, emails and addresses are only visible to you and the admins.
When will I get paid?
Payments are processed by the Collective's Fiscal Host, the organization that holds funds on their behalf. Many Fiscal Hosts pay expenses weekly, but each one is different.
Why do you need my legal name?
The display name is public and the legal name is private, appearing on receipts, invoices, and other official documentation used for tax and accounting purposes.

Project balance

$0.00 USD