Objectives
The NSF Safe-OSE program solicits proposals for awards in the form of cooperative agreements to fund impactful, mature open-source ecosystems to address important classes of safety, security, and privacy vulnerabilities. In this context, mature signifies that the ecosystem in question has already established a robust community of contributors, an extensive group of users, a managing organization that steers the development of the product, and the essential infrastructure needed to keep the ecosystem running.
This program solicits proposals from OSEs, including those not originally funded by NSF’s Pathways to Enable Open-Source Ecosystems (POSE) program, to address significant safety, security, and/or privacy vulnerabilities, both technical (e.g., vulnerabilities in code and side-channels) and socio-technical (e.g., supply chain, insider threats, and social engineering).
Proposals to this program should provide clear evidence that OSE team leaders have established a thorough understanding of the threat landscape, vulnerabilities, and/or failure modes for the open-source product(s) managed by the OSE. Proposals should describe, where appropriate, what other products depend upon the safe, secure, and privacy-preserving functions of the OSE.
Funds from this program should not be directed toward fundamental research or at readily resolvable, known bugs/issues, but rather toward strategies, methods, and actions that will fundamentally improve the open-source product’s safety, security, and privacy stance. Funds from this program can also be directed at efforts to bolster the OSE’s resiliency for recovering from future incidents. Thus, the proposal should articulate how Safe-OSE funding will improve the broader national, societal, and/or economic impacts of the OSE by hardening it against adverse events over the long term.
Funding Information
Up to $1.5 million for 2 years with annual budgets as follows: Year 1 maximum $500,000; Year 2 maximum of $1 million.
Eligibility
Any PI, co-PI, or other Senior/Key Personnel must be at a US-based campus of an Institution of Higher Education (defined by NSF) and hold one of the following:
- a tenured or tenure-track position
- a primary, full-time, paid appointment in a research or teaching position
- a staff leadership role in an Open-Source Program Office or equivalent position
Exceptions are granted for family or medical leave, as determined by the submitting institution. Researchers from foreign academic institutions who contribute essential expertise to the project may participate as Senior/Key Personnel or collaborators but may not receive NSF support.
Internal Selection Process
BU may forward up to 2 preliminary proposals.
Interested applicants should submit the following materials via InfoReady Review by: 11/7/2025
- List of co-PIs and Senior/Key Personnel
- Proposal Abstract briefly describing the current status of the targeted OSE, its national/societal/economic impacts, and targeted classes of safety, security, and/or privacy vulnerabilities to be addressed, and the broader impacts of addressing these vulnerabilities (500 words maximum)
As necessary, a faculty review committee will review internal applications and select the institutional nominee(s).
Deadlines
Internal Materials Due: Friday, November 7, 2025
Anticipated Notification Date: Wednesday, November 26, 2025
Preliminary Proposals Due: Tuesday, January 13, 2026
Full Proposals Due: Tuesday, April 28, 2026