Atom | Safety, Security, and Privacy of Open-Source Ecosystems

Funder: National Science Foundation

Due Dates: January 14, 2025 (Preliminary) | April 22, 2025 (Full) | Annually: Second Tuesday in January (Preliminary) | Fourth Tuesday in April (Full)

Funding Amounts: Up to $1,500,000 per award (24 months; max $500,000 in Year 1, $1,000,000 in Year 2); ~10 awards; total program budget $15M.

Summary: Supports mature open-source ecosystems to address significant safety, security, and privacy vulnerabilities through technical and socio-technical interventions.

Key Information: Preliminary proposal is required; only invited projects may submit a full proposal; limited to 2 proposals per lead organization.

Description

This program funds efforts to improve the safety, security, and privacy of mature open-source ecosystems (OSEs) that are critical to science, technology, and society. The focus is on addressing both technical (e.g., code vulnerabilities, side-channels) and socio-technical (e.g., supply chain, insider threats, social engineering) risks that threaten open-source products and their development/deployment infrastructure. The program is open to OSEs beyond software, including those based on scientific methodologies, hardware, data platforms, and more.

The goal is to catalyze improvements that the OSE cannot currently undertake due to resource constraints, with an emphasis on projects that will have demonstrable societal or economic impact. Funding is intended for substantial, strategic interventions—not for routine bug fixes or fundamental research.

Due Dates

Preliminary Proposal Deadline: January 14, 2025 (required for all applicants)
Full Proposal Deadline: April 22, 2025 (by invitation only)
Annual Deadlines: Second Tuesday in January (Preliminary); Fourth Tuesday in April (Full), annually thereafter

Funding Amount

Total Program Budget: $15,000,000
Number of Awards: Approximately 10
Award Size: Up to $1,500,000 per project (24 months)
- Year 1: up to $500,000
- Year 2: up to $1,000,000 (subject to progress review)
Award Type: Cooperative Agreement

Eligibility

Eligible Organizations:
- U.S.-based non-profit, non-academic organizations (e.g., research labs, professional societies)
- U.S.-based for-profit organizations (including small businesses)
- State and local governments
- Federally recognized Tribal Nations
- Accredited U.S. institutions of higher education (2- and 4-year, including community colleges)
PI Eligibility:
- For IHEs: PI/co-PI/Senior Personnel must hold a tenured/tenure-track, full-time research/teaching, or Open-Source Program Office leadership role at a U.S. campus
- For other organizations: PI must be a U.S.-resident employee of the proposing organization
- Individuals at non-U.S. organizations are not eligible as PI/co-PI, but may participate as collaborators (without NSF funding)
Proposal Limits:
- Up to 2 preliminary proposals per lead organization per cycle
- No limit on number of proposals per individual as PI/co-PI

Application Process

Preliminary Proposal (Required)
- Submit via Research.gov
- Must include: Cover Sheet, Project Summary (with keywords), Project Description (max 5 pages), References Cited, 3–5 Letters of Collaboration from end-user organizations
- Only invited proposals may proceed to full submission
Full Proposal (By Invitation Only)
- Submit via Research.gov or Grants.gov
- Project Description (max 15 pages) must address: OSE status, impact, vulnerability landscape, development and evaluation plans, and eligibility
- Budget: Max $1.5M total, with no more than $500K in Year 1
- Required supplementary documents: Letters of Collaboration, list of project personnel/collaborators, budget documentation
Review Process
- Preliminary proposals: Internal NSF review; binding Invite/Do Not Invite decision
- Full proposals: External merit review (Intellectual Merit and Broader Impacts), plus solicitation-specific criteria (e.g., evidence of robust OSE, clear vulnerability landscape, actionable milestones)
- Year 2 funding contingent on progress review (reverse site visit or external review)

Additional Information

Eligible OSEs: Must be mature, with a robust contributor/user community and managing organization
Use of Funds: Not for fundamental research or routine bug fixes; must address significant, strategic vulnerabilities and improve OSE resilience
Cost Sharing: Not allowed
Collaborative Proposals: Only single-organization submissions with subawards; no separately submitted collaborative proposals
Special Requirements: U.S. ownership/control for non-profit and for-profit applicants; legal right to work in the U.S. for all funded personnel
Reporting: Annual and final project reports required

External Links

Contact Information

Name/Role	Email	Phone
General Program Contact	pose@nsf.gov	(703) 292-7991 (Nina Amla)
Peter S. Atherton	pose@nsf.gov	(703) 292-8772
Daniela A. Oliveira	pose@nsf.gov	(703) 292-4352
Olga Pierrakos	pose@nsf.gov	(703) 292-7253
Jeffrey M. Stanton	pose@nsf.gov	(703) 292-7794
Selcuk Uluagac	pose@nsf.gov	(703) 292-4540
NSF Information Center	info@nsf.gov	(703) 292-5111
Research.gov Help Desk	rgov@nsf.gov	1-800-381-1532
Grants.gov Support	support@grants.gov	1-800-518-4726