An Overview of Cyber Security Funding for Open Source Software
- URL: http://arxiv.org/abs/2412.05887v1
- Date: Sun, 08 Dec 2024 10:48:30 GMT
- Authors: Jukka Ruohonen, Gaurav Choudhary, Adam Alami,
- Abstract summary: The paper examines two such funding bodies for OSS and the projects they have funded.
The focus of both funding bodies is on software security and cyber security in general.
An important argument is raised that neither cyber security nor sustainability alone can entirely explain the rationales behind the funding decisions made by the two bodies.
- Abstract: Many open source software (OSS) projects need more human resources for maintenance, improvements, and sometimes even their survival. This need allegedly applies even to vital OSS projects that can be seen as being a part of the world's critical infrastructures. To address this resourcing problem, new funding instruments for OSS projects have been established in recent years. The paper examines two such funding bodies for OSS and the projects they have funded. The focus of both funding bodies is on software security and cyber security in general. Based on a qualitative analysis, particularly OSS supply chains, network and cryptography libraries, programming languages, and operating systems and their low-level components have been funded and thus seen as critical in terms of cyber security by the two funding bodies. In addition to this and other results, the paper makes a contribution by connecting the research branches of critical infrastructure and sustainability of OSS projects. A further contribution is made by connecting the topic examined to recent cyber security regulations. Furthermore, an important argument is raised that neither cyber security nor sustainability alone can entirely explain the rationales behind the funding decisions made by the two bodies.
Related papers
- On Categorizing Open Source Software Security Vulnerability Reporting Mechanisms on GitHub (arXiv, 2025-02-11T09:23:24Z)
Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation.
The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust security policies to enhance project security.
Current research reveals that many projects perform poorly on OpenSSF criteria, indicating a need for stronger security practices.
- FSCsec: Collaboration in Financial Sector Cybersecurity -- Exploring the Impact of Resource Sharing on IT Security (arXiv, 2024-10-19T20:03:27Z)
By using simple theories to understand these factors, this research aims to provide insights that can help financial institutions make better decisions to protect themselves.
- A Mixed-Methods Study of Open-Source Software Maintainers On Vulnerability Management and Platform Security Features (arXiv, 2024-09-12T00:15:03Z)
This paper investigates the perspectives of OSS maintainers on vulnerability management and platform security features.
We find that supply chain mistrust and lack of automation for vulnerability management are the most challenging.
Barriers to adopting platform security features include a lack of awareness and the perception that they are not necessary.
- Sustaining Maintenance Labor for Healthy Open Source Software Projects through Human Infrastructure: A Maintainer Perspective (arXiv, 2024-08-13T08:30:52Z)
Open Source Software (OSS) fuels our global digital infrastructure but is commonly maintained by small groups of people.
Our study aims to investigate how maintenance labor can be supported and secured to enable the creation and maintenance of sustainable OSS projects.
- A Security Assessment Tool for Quantum Threat Analysis (arXiv, 2024-07-18T13:58:34Z)
The rapid advancement of quantum computing poses a significant threat to many current security algorithms used for secure communication, digital authentication, and information encryption.
A sufficiently powerful quantum computer could potentially exploit vulnerabilities in these algorithms, rendering data insecure in transit.
This work developed a quantum assessment tool for organizations, providing tailored recommendations for transitioning their security protocols into a post-quantum world.
- Position Paper: Assessing Robustness, Privacy, and Fairness in Federated Learning Integrated with Foundation Models (arXiv, 2024-02-02T19:26:00Z)
Integration of Foundation Models (FMs) into Federated Learning (FL) introduces novel issues in terms of robustness, privacy, and fairness.
We analyze the trade-offs involved, uncover the threats and issues introduced by this integration, and propose a set of criteria and strategies for navigating these challenges.
- Purple Llama CyberSecEval: A Secure Coding Benchmark for Language Models (arXiv, 2023-12-07T22:07:54Z)
This paper presents CyberSecEval, a comprehensive benchmark developed to help bolster the cybersecurity of Large Language Models (LLMs) employed as coding assistants.
CyberSecEval provides a thorough evaluation of LLMs in two crucial security domains: their propensity to generate insecure code and their level of compliance when asked to assist in cyberattacks.
- A Comprehensive Study of Governance Issues in Decentralized Finance Applications (arXiv, 2023-11-02T17:46:59Z)
We present a comprehensive study of governance issues in DeFi applications.
We collect and build a dataset of 4,446 audit reports from 17 Web3 security companies.
Our findings highlight a significant observation: the disparity between smart contract code and DeFi whitepapers plays a central role in these governance issues.
- Towards a Critical Open-Source Software Database (arXiv, 2023-05-02T10:43:21Z)
The CrOSSD project aims to build a database of OSS projects and measure their current project "health" status.
Quantitative metrics will be gathered through automated crawling of meta information such as the number of contributors, commits and lines of code.
Qualitative metrics will be gathered for selected "critical" projects through manual analysis and automated tools.
- Future Computer Systems and Networking Research in the Netherlands: A Manifesto (arXiv, 2022-05-26T11:02:29Z)
We draw attention to CompSys as a vital part of ICT.
Each of the Top Sectors of the Dutch Economy, each route in the National Research Agenda, and each of the UN Sustainable Development Goals pose challenges that cannot be addressed without CompSys advances.
- Dos and Don'ts of Machine Learning in Computer Security (arXiv, 2020-10-19T13:09:31Z)
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.