An Overview of Cyber Security Funding for Open Source Software
- URL: http://arxiv.org/abs/2412.05887v2
- Date: Tue, 29 Apr 2025 06:43:22 GMT
- Title: An Overview of Cyber Security Funding for Open Source Software
- Authors: Jukka Ruohonen, Gaurav Choudhary, Adam Alami
- Abstract summary: The paper examines two such funding bodies for OSS and the projects they have funded. The focus of both funding bodies is on software security and cyber security in general.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Context: Many open source software (OSS) projects need more human resources for maintenance, improvements, and sometimes even their survival. This need allegedly applies even to vital OSS projects that can be seen as being a part of the world's critical infrastructures. To address this resourcing problem, new funding instruments for OSS projects have been established in recent years. Objectives: The paper examines two such funding bodies for OSS and the projects they have funded. The focus of both funding bodies is on software security and cyber security in general. Methods: The methodology is based on qualitative thematic analysis. Results: Particularly OSS supply chains, network and cryptography libraries, programming languages, and operating systems and their low-level components have been funded and thus seen as critical in terms of cyber security by the two funding bodies. Conclusions: In addition to the qualitative results presented, the paper makes a contribution by connecting the research branches of critical infrastructure and sustainability of OSS projects. A further contribution is made by connecting the topic examined to recent cyber security regulations. Finally, an important argument is raised that neither cyber security nor sustainability alone can entirely explain the rationales behind the funding decisions made by the two bodies.
Related papers
- Llama-3.1-FoundationAI-SecurityLLM-Base-8B Technical Report [50.268821168513654] (2025-04-28T08:41:12Z)
  We present Foundation-Sec-8B, a cybersecurity-focused large language model (LLM) built on the Llama 3.1 architecture.
  We evaluate it across both established and new cybersecurity benchmarks, showing that it matches Llama 3.1-70B and GPT-4o-mini in certain cybersecurity-specific tasks.
  By releasing our model to the public, we aim to accelerate progress and adoption of AI-driven tools in both public and private cybersecurity contexts.
- On Categorizing Open Source Software Security Vulnerability Reporting Mechanisms on GitHub [1.7174932174564534] (2025-02-11T09:23:24Z)
  Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation.
  The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust security policies to enhance project security.
  Current research reveals that many projects perform poorly on OpenSSF criteria, indicating a need for stronger security practices.
- A Toolkit for Measuring the Impacts of Public Funding on Open Source Software Development [0.0] (2024-11-09T01:13:45Z)
  Impacts of public funding on open source software development remain poorly understood.
  We present a taxonomy of potential social, economic, and technological impacts that can be both positive and negative.
  With this toolkit, we contribute to the multi-stakeholder conversation about the value and impacts of funding on OSS developers and society at large.
- A Mixed-Methods Study of Open-Source Software Maintainers On Vulnerability Management and Platform Security Features [6.814841205623832] (2024-09-12T00:15:03Z)
  This paper investigates the perspectives of OSS maintainers on vulnerability management and platform security features.
  We find that supply chain mistrust and lack of automation for vulnerability management are the most challenging.
  Barriers to adopting platform security features include a lack of awareness and the perception that they are not necessary.
- Sustaining Maintenance Labor for Healthy Open Source Software Projects through Human Infrastructure: A Maintainer Perspective [0.5188841610098436] (2024-08-13T08:30:52Z)
  Open Source Software (OSS) fuels our global digital infrastructure but is commonly maintained by small groups of people.
  Our study aims to investigate how maintenance labor can be supported and secured to enable the creation and maintenance of sustainable OSS projects.
- Public-private funding models in open source software development: A case study on scikit-learn [0.0] (2024-04-09T17:35:11Z)
  This study is a case study on scikit-learn, a Python library for machine learning funded by public research grants, commercial sponsorship, micro-donations, and a 32 million euro grant announced in France's artificial intelligence strategy.
  Through 25 interviews with scikit-learn's maintainers and funders, this study makes two key contributions.
  It contributes empirical findings about the benefits and drawbacks of public and private funding in an impactful OSS project, and the governance protocols employed by the maintainers to balance the diverse interests of their community and funders.
- Service Level Agreements and Security SLA: A Comprehensive Survey [51.000851088730684] (2024-01-31T12:33:41Z)
  This survey paper identifies the state of the art covering concepts, approaches, and open problems of SLA management.
  It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic.
  It proposes a novel classification criterion to organize the analysis based on SLA life cycle phases.
- Survey on Foundation Models for Prognostics and Health Management in Industrial Cyber-Physical Systems [1.1034992901877594] (2023-12-11T09:58:46Z)
  Large-scale foundation models (LFMs) like BERT and GPT signify a significant advancement in AI technology.
  ChatGPT stands as a remarkable accomplishment within this research paradigm, harboring potential for General Artificial Intelligence.
  Considering the ongoing enhancement in data acquisition technology and data processing capability, LFMs are anticipated to assume a crucial role in the PHM domain of ICPS.
- Purple Llama CyberSecEval: A Secure Coding Benchmark for Language Models [41.068780235482514] (2023-12-07T22:07:54Z)
  This paper presents CyberSecEval, a comprehensive benchmark developed to help bolster the cybersecurity of Large Language Models (LLMs) employed as coding assistants.
  CyberSecEval provides a thorough evaluation of LLMs in two crucial security domains: their propensity to generate insecure code and their level of compliance when asked to assist in cyberattacks.
- A Comprehensive Study of Governance Issues in Decentralized Finance Applications [45.033994319846244] (2023-11-02T17:46:59Z)
  We present a comprehensive study of governance issues in DeFi applications.
  We collect and build a dataset of 4,446 audit reports from 17 Web3 security companies.
  Our findings highlight a significant observation: the disparity between smart contract code and DeFi whitepapers plays a central role in these governance issues.
- An Exploratory Study on the Evidence of Hackathons' Role in Solving OSS Newcomers' Challenges [54.56931759953522] (2023-05-16T15:40:19Z)
  We aim to understand and discuss the challenges newcomers face when joining an OSS project.
  We collect evidence on how hackathons were used to address those challenges.
- Towards a Critical Open-Source Software Database [0.0] (2023-05-02T10:43:21Z)
  The CrOSSD project aims to build a database of OSS projects and measure their current project "health" status.
  Quantitative metrics will be gathered through automated crawling of meta information such as the number of contributors, commits and lines of code.
  Qualitative metrics will be gathered for selected "critical" projects through manual analysis and automated tools.
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445] (2020-10-19T13:09:31Z)
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
  We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
  We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
This list is automatically generated from the titles and abstracts of the papers in this site.