NSF 24-608: Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE)

NSF 24-608: Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) is sponsored by National Science Foundation (NSF). Funds research on safety and privacy in open-source ecosystems, applicable to secure AI therapist platforms for children.

Official opportunity description and requirements excerpt:

NSF 24-608: Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) | NSF - U.S. National Science Foundation An official website of the United States government Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS. or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. Research Experiences for Undergraduates For Early-Career Researchers Proposal & Award Policies & Procedures Guide (PAPPG) How We Make Funding Decisions Request a Change to Your Award Proposal & Award Policies & Procedures Guide (PAPPG) NSF Public Access Repository Who to Contact With Questions Facilities and Infrastructure Updates on NSF Priorities Our Directorates & Offices Biological Sciences (BIO) Computer & Information Science & Engineering (CISE) Integrative Activities (OIA) International Science & Engineering (OISE) Mathematical & Physical Sciences (MPS) Social, Behavioral & Economic Sciences (SBE) Technology, Innovation & Partnerships (TIP) National Center for Science & Engineering Statistics (NCSES) National Science Board (NSB) Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) Active funding opportunity This document is the current version. NSF 24-608: Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) Posted: September 19, 2024 To save a PDF of this solicitation, select Print to PDF in your browser's print options. Program Solicitation NSF 24-608 U.S. National Science Foundation Directorate for Computer and Information Science and Engineering Directorate for STEM Education Directorate for Technology, Innovation and Partnerships Preliminary Proposal Due Date(s) (required) (due by 5 p.m. submitting organization's local time): Second Tuesday in January, Annually Thereafter Full Proposal Deadline(s) (due by 5 p.m. submitting organization's local time): Fourth Tuesday in April, Annually Thereafter Important Information And Revision Notes Any proposal submitted in response to this solicitation should be submitted in accordance with the NSF Proposal & Award Policies & Procedures Guide (PAPPG) that is in effect for the relevant due date to which the proposal is being submitted. The NSF PAPPG is regularly revised and it is the responsibility of the proposer to ensure that the proposal meets the requirements specified in this solicitation and the applicable version of the PAPPG. Submitting a proposal prior to a specified deadline does not negate this requirement. Summary Of Program Requirements Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) Vulnerabilities in an open-source product and/or its continuous development, integration and deployment infrastructure can potentially be exploited to attack any user (human, organization, and/or another product/entity) of the product. To respond to the growing threats to the safety, security, and privacy of open-source

Application snapshot: target deadline rolling deadlines or periodic funding windows; published funding information Varies; eligibility guidance Institutions of higher education, nonprofits, for-profits; up to 2 preliminary proposals per organization

Use the official notice and source links for final requirements, attachment checklists, allowable costs, and submission instructions before applying.

NSF 24-608: Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) | NSF - U. S. National Science Foundation An official website of the United States government Official websites use .

gov A . gov website belongs to an official government organization in the United States. Secure .

gov websites use HTTPS. or https:// means you've safely connected to the . gov website.

Share sensitive information only on official, secure websites.

Research Experiences for Undergraduates For Early-Career Researchers Proposal & Award Policies & Procedures Guide (PAPPG) How We Make Funding Decisions Request a Change to Your Award Proposal & Award Policies & Procedures Guide (PAPPG) NSF Public Access Repository Who to Contact With Questions Facilities and Infrastructure Updates on NSF Priorities Our Directorates & Offices Biological Sciences (BIO) Computer & Information Science & Engineering (CISE) Integrative Activities (OIA) International Science & Engineering (OISE) Mathematical & Physical Sciences (MPS) Social, Behavioral & Economic Sciences (SBE) Technology, Innovation & Partnerships (TIP) National Center for Science & Engineering Statistics (NCSES) National Science Board (NSB) Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) Active funding opportunity This document is the current version.

NSF 24-608: Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) Posted: September 19, 2024 To save a PDF of this solicitation, select Print to PDF in your browser's print options. Program Solicitation NSF 24-608 U. S.

National Science Foundation Directorate for Computer and Information Science and Engineering Directorate for STEM Education Directorate for Technology, Innovation and Partnerships Preliminary Proposal Due Date(s) (required) (due by 5 p. m. submitting organization's local time): Second Tuesday in January, Annually Thereafter Full Proposal Deadline(s) (due by 5 p.

m. submitting organization's local time): Fourth Tuesday in April, Annually Thereafter Important Information And Revision Notes Any proposal submitted in response to this solicitation should be submitted in accordance with the NSF Proposal & Award Policies & Procedures Guide (PAPPG) that is in effect for the relevant due date to which the proposal is being submitted.

The NSF PAPPG is regularly revised and it is the responsibility of the proposer to ensure that the proposal meets the requirements specified in this solicitation and the applicable version of the PAPPG. Submitting a proposal prior to a specified deadline does not negate this requirement.

Summary Of Program Requirements Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) Vulnerabilities in an open-source product and/or its continuous development, integration and deployment infrastructure can potentially be exploited to attack any user (human, organization, and/or another product/entity) of the product.

To respond to the growing threats to the safety, security, and privacy of open-source ecosystems (OSEs), NSF is launching the Safety, Security, and Privacy for Open-Source Ecosystems (Safe-OSE) program.

This program solicits proposals from OSEs, including those not originally funded by NSF's Pathways to Enable Open-Source Ecosystems (POSE) program, to address significant safety, security, and/or privacy vulnerabilities, both technical (e. g. , vulnerabilities in code and side-channels) and socio-technical (e.

g. , supply chain, insider threats, etc.) Although most open-source products are software-based, it is important to note that Safe-OSE applies to any type of OSE, including those based on scientific methodologies, models, and processes; manufacturing processes and process specifications; materials formulations; programming languages and formats; hardware instruction sets; system designs or specifications; and data platforms.

The goal of the Safe-OSE program is to catalyze meaningful improvements in the safety, security, and privacy of the targeted OSE that the OSE does not currently have the resources to undertake.

Funds from this program should be directed toward efforts to enhance the safety, security, and privacy characteristics of the open-source product and its supply chain as well as to bolster the ecosystem's capabilities for managing current and future risks, attacks, breaches, and responses.

Broadening Participation in STEM: NSF has a mandate to broaden participation in science and engineering, as articulated and reaffirmed in law since 1950. Congress has charged NSF to “develop intellectual capital, both people and ideas, with particular emphasis on groups and regions that traditionally have not participated fully in science, mathematics, and engineering."

Cognizant Program Officer(s): Please note that the following information is current at the time of publishing. See program website for any updates to the points of contact. NSF SafeOSE: safeose@nsf.

gov Applicable Catalog of Federal Domestic Assistance (CFDA) Number(s): 47. 049 --- Mathematical and Physical Sciences 47. 070 --- Computer and Information Science and Engineering 47.

074 --- Biological Sciences 47. 075 --- Social Behavioral and Economic Sciences 47. 076 --- STEM Education 47.

079 --- Office of International Science and Engineering 47. 083 --- Office of Integrative Activities (OIA) 47. 084 --- NSF Technology, Innovation and Partnerships Anticipated Type of Award: Cooperative Agreement Estimated Number of Awards: 10 Anticipated Funding Amount: $15,000,000 Each award will be for 24 months.

The budget for Year 1 should be up to a maximum of $500,000 and the budget for Year 2 should be up to a maximum of $1,000,000, for a total budget of up to $1,500,000 per award. Estimated program budget, number of awards and average award size/duration are subject to the availability of funds.

Who May Submit Proposals: Proposals may only be submitted by the following: Non-profit, non-academic organizations: Independent museums, observatories, research laboratories, professional societies and similar organizations located in the U. S. that are directly associated with educational or research activities.

For-profit organizations: U. S. -based commercial organizations, including small businesses, with strong capabilities in scientific or engineering research or education and a passion for innovation.

State and Local Governments Tribal Nations: An American Indian or Alaska Native tribe, band, nation, pueblo, village, or community that the Secretary of the Interior acknowledges as a federally recognized tribe pursuant to the Federally Recognized Indian Tribe List Act of 1994, 25 U. S. C.

§§ 5130-5131. Institutions of Higher Education (IHEs) - Two- and four-year IHEs (including community colleges) accredited in, and having a campus located in the US, acting on behalf of their faculty members.

For Institutions of Higher Education: By the submission deadline, any PI, co-PI, or other Senior/Key Personnel must hold either: a tenured or tenure-track position, or a primary, full-time, paid appointment in a research or teaching position, or a staff leadership role in an Open-Source Program Office or equivalent position at a U. S.

-based campus of an Institution of Higher Education (see above), with exceptions granted for family or medical leave, as determined by the submitting institution. Individuals with primary appointments at overseas branch campuses of U. S.

institutions of higher education are not eligible. Researchers from foreign academic institutions who contribute essential expertise to the project may participate as Senior/Key Personnel or collaborators but may not receive NSF support.

For all other eligible proposing organizations: The PI must be an employee of the proposing organization who is normally resident in the US and must be acting as an employee of the proposing organization while performing PI responsibilities. The PI may perform the PI responsibilities while temporarily out of the U. S.

Individuals with primary appointments at non-U. S. based non-profit or non-U.

S. based for-profit organizations are not eligible. Limit on Number of Proposals per Organization: 2 Up to two (2) preliminary proposals per lead organization are allowed.

NSF will review the preliminary proposals and provide a binding "Invite" or "Do Not Invite" response for each preliminary proposal. Invited organizations will be allowed to submit a full proposal on the project described in the preliminary proposal by the full proposal submission deadline. Limit on Number of Proposals per PI or co-PI: There are no restrictions or limits.

Proposal Preparation and Submission Instructions A. Proposal Preparation Instructions Letters of Intent: Not required Preliminary Proposals: Submission of Preliminary Proposals is required. Please see the full text of this solicitation for further information.

Full Proposals submitted via Research. gov: NSF Proposal and Award Policies and Procedures Guide (PAPPG) guidelines apply. The complete text of the PAPPG is available electronically on the NSF website at: https://www.

nsf. gov/publications/pub_summ. jsp?

ods_key=pappg . Full Proposals submitted via Grants. gov: NSF Grants.

gov Application Guide: A Guide for the Preparation and Submission of NSF Applications via Grants. gov guidelines apply (Note: The NSF Grants. gov Application Guide is available on the Grants.

gov website and on the NSF website at: https://www. nsf. gov/publications/pub_summ.

jsp? ods_key=grantsgovguide ). Cost Sharing Requirements: Inclusion of voluntary committed cost sharing is prohibited.

Indirect Cost (F&A) Limitations: Other Budgetary Limitations: Preliminary Proposal Due Date(s) (required) (due by 5 p. m. submitting organization's local time): Second Tuesday in January, Annually Thereafter Full Proposal Deadline(s) (due by 5 p.

m. submitting organization's local time): Fourth Tuesday in April, Annually Thereafter Proposal Review Information Criteria National Science Board approved criteria. Additional merit review criteria apply.

Please see the full text of this solicitation for further information. Award Administration Information Additional award conditions apply. Please see the full text of this solicitation for further information.

Additional reporting requirements apply. Please see the full text of this solicitation for further information. Summary of Program Requirements Proposal Preparation and Submission Instructions Proposal Preparation Instructions Research.

gov/Grants. gov Requirements NSF Proposal Processing and Review Procedures Merit Review Principles and Criteria Review and Selection Process Award Administration Information Notification of the Award The term "open source" usually refers to software for which the original source code is publicly distributed to anyone and for any purpose, including for further development and refinement in a collaborative manner.

Open-source software (OSS) is ubiquitous: a 2022 report from GitHub estimated that 97% of software relies on OSS, and 90% of companies apply or use OSS in some way. OSS is also increasingly important to commercial enterprises, with 30% of Fortune 100 companies running open-source program offices (OSPOs) to coordinate their OSS strategies.

Increasingly, however, the term open source also refers to a range of publicly distributed products that transcend OSS, including scientific methodologies, models, and processes; manufacturing processes and process specifications; materials formulations; programming languages and formats; hardware instruction sets; system designs or specifications; and data platforms.

Academic and industrial scientists, engineers, researchers, and other professionals worldwide use distributed, collaborative open-source development methods to make a wide variety of products openly available with a goal of enabling nimble development and catalyzing further innovation.

Although open-source development methods accelerate and catalyze innovation, they can also create safety, security, and privacy risks and unintended harms. Adversaries can leverage the pillars of the open-source development philosophy - the democratization of development and broad opportunities for reuse - to insert and exploit vulnerabilities in open-source products.

For OSS, even code written in memory-safe languages can be compromised because code re-usability and modularity can introduce dependencies, complexity, and liabilities to the software development life cycle. A recent study found that 82% of OSS components present risks due to vulnerabilities, security issues, and code quality or maintainability concerns.

Furthermore, as noted in the report of a recent workshop sponsored by the Office of Management and Budget (OMB), NSF, and the National Institute for Standards and Technology (NIST) on the Open-source Software Security Initiative, the dynamics of complex, distributed organizations pose unique challenges in the creation and maintenance of a secure open-source ecosystem.

Thus, the characteristics of openness that make open-source such a powerful driver of innovation also enable many avenues of attack by adversaries using combinations of technical, social, and socio-technical approaches.

Vulnerabilities in an open-source product (software and non-software) and/or its continuous development, maintenance, integration, and deployment infrastructure can potentially be exploited to attack any user (human, organization, and/or another product/entity) of the product and/or its derivations.

To respond quickly to the growing threats to the safety, security, and privacy of OSEs, NSF is launching the Safety, Security, and Privacy of Open-source Ecosystems (Safe-OSE) program. This program seeks to fund impactful, mature open-source ecosystems to address important classes of safety, security, and privacy vulnerabilities.

In this context, mature signifies that the ecosystem in question has already established a robust community of contributors, an extensive group of users, a managing organization that steers the development of the product, and the essential infrastructure needed to keep the ecosystem running.

This program grows out of the Pathways to Enable Open-Source Ecosystems (POSE) program which supports new managing organizations to catalyze distributed, community-driven development and growth of new OSEs to address the discerned need to address safety, security, and privacy vulnerabilities in impactful OSEs.

Unlike NSF's Dear Colleague Letter inviting proposals related to open-source software security ( NSF 23-149 ), which focuses on fundamental cybersecurity research, the Safe-OSE program solicits proposals from OSEs, including those not originally funded by POSE, to address safety, security, and/or privacy vulnerabilities proactively in existing, mature OSEs. These vulnerabilities can be technical (e. g.

, vulnerabilities in code, side-channels potentially disclosing sensitive information) and/or socio-technical (e. g. , supply chain issues, insider threats, etc.)

, as long as they are deemed significant in the context of the OSE. The goal of the Safe-OSE program is to catalyze meaningful improvements in the safety, security, and privacy of the targeted OSE that the managing organization does not currently have the resources to undertake.

The program especially focuses on efforts in which enhancing the safety, security, and privacy of the OSE will lead to demonstrable improvement in its positive societal and economic impacts. Proposals to this program should provide clear evidence that OSE team leaders have established a thorough understanding of the threat landscape, vulnerabilities, and/or failure modes for the open-source product(s) managed by the OSE.

Proposals should describe, where appropriate, what other products depend upon the safe, secure, and privacy-preserving functions of the OSE. Proposals should situate the OSE's threat landscape in the larger context of known threats and/or vulnerabilities and discuss any significant prior incidents affecting the product(s).

A realistic plan for addressing risks related to safety, security, and privacy should address the threat landscape and describe how Safe-OSE funding will meaningfully improve the OSE's capabilities for addressing vulnerabilities as well as for detecting and recovering from incidents.

Funds from this program should not be directed toward fundamental research or at readily resolvable, known bugs/issues, but rather toward strategies, methods, and actions that will fundamentally improve the open-source product's safety, security, and privacy stance. Funds from this program can also be directed at efforts to bolster the OSE's resiliency for recovering from future incidents.

Thus, the proposal should articulate how Safe-OSE funding will improve the broader national, societal, and/or economic impacts of the OSE by hardening it against adverse events over the long term. Estimated program budget, number of awards and average award size/duration are subject to the availability of funds. IV.

Eligibility Information Who May Submit Proposals: Proposals may only be submitted by the following: Non-profit, non-academic organizations: Independent museums, observatories, research laboratories, professional societies and similar organizations located in the U. S. that are directly associated with educational or research activities.

For-profit organizations: U. S. -based commercial organizations, including small businesses, with strong capabilities in scientific or engineering research or education and a passion for innovation.

State and Local Governments Tribal Nations: An American Indian or Alaska Native tribe, band, nation, pueblo, village, or community that the Secretary of the Interior acknowledges as a federally recognized tribe pursuant to the Federally Recognized Indian Tribe List Act of 1994, 25 U. S. C.

§§ 5130-5131. Institutions of Higher Education (IHEs) - Two- and four-year IHEs (including community colleges) accredited in, and having a campus located in the US, acting on behalf of their faculty members.

For Institutions of Higher Education: By the submission deadline, any PI, co-PI, or other Senior/Key Personnel must hold either: a tenured or tenure-track position, or a primary, full-time, paid appointment in a research or teaching position, or a staff leadership role in an Open-Source Program Office or equivalent position at a U. S.

-based campus of an Institution of Higher Education (see above), with exceptions granted for family or medical leave, as determined by the submitting institution. Individuals with primary appointments at overseas branch campuses of U. S.

institutions of higher education are not eligible. Researchers from foreign academic institutions who contribute essential expertise to the project may participate as Senior/Key Personnel or collaborators but may not receive NSF support.

For all other eligible proposing organizations: The PI must be an employee of the proposing organization who is normally resident in the US and must be acting as an employee of the proposing organization while performing PI responsibilities. The PI may perform the PI responsibilities while temporarily out of the U. S.

Individuals with primary appointments at non-U. S. based non-profit or non-U.

S. based for-profit organizations are not eligible. Limit on Number of Proposals per Organization: 2 Up to two (2) preliminary proposals per lead organization are allowed.

NSF will review the preliminary proposals and provide a binding "Invite" or "Do Not Invite" response for each preliminary proposal. Invited organizations will be allowed to submit a full proposal on the project described in the preliminary proposal by the full proposal submission deadline. Limit on Number of Proposals per PI or co-PI: There are no restrictions or limits.

Additional Eligibility Info: Collaborative Proposals: Although proposals may be multi-organizational, a single organization must serve as the lead and all other organizations as sub-awardees. Collaborative proposals arranged as separate submissions from multiple organizations will not be accepted in response to this solicitation.

Organizations ineligible to submit to this program solicitation may not receive sub-awards; if ineligible organizations are part of the team, their participation is expected to be supported by non-NSF sources. Ownership and Control Requirements: Non-profit and for-profit proposing organizations must be U. S.

-based, and U. S. -owned and controlled, as described in the following.

A majority (more than 50%) of a proposing organization's equity (e. g. , stock) must be directly owned and controlled by one of the following: One or more individuals who are citizens or permanent residents of the U.

S. ; Other U. S.

firms, each of which is directly owned and controlled by individuals who are citizens or permanent residents of the U. S. ; A combination of (1) and (2) above.

If an Employee Stock Ownership Plan owns all or part of a proposing organization, each stock trustee and plan member is considered an owner. If a trust owns all or part of the organization, each trustee and trust beneficiary is considered an owner. The above ownership requirement states that at least a majority of a proposing organization's equity must be held by certain types of eligible entities (individuals and/or other firms).

Therefore, when determining your organization's eligibility, you must be able to identify an ownership majority (of individuals and/or entities) that is made up of eligible individuals and/or other firms. Each individual included as part of the eligible ownership majority of a proposing organization must be either a citizen or permanent resident of the U. S.

The term "individual" refers only to actual people - it does not refer to companies or other legal entities of any sort. "Permanent resident" refers to an individual admitted to the United States as a lawful permanent resident by the U. S.

Citizenship and Immigration Services. If you include other firms as part of the eligible ownership majority of a proposing organization, you should verify that each such firm is more than 50% owned and controlled by individuals who are U. S.

citizens or permanent residents. Ownership refers to direct ownership of stock or equity of a proposing organization. Equity ownership is determined on a fully diluted basis.

This means that the determination considers the total number of shares or equity that would be outstanding if all possible sources of conversion were exercised, including, but not limited to: outstanding common stock or equity, outstanding preferred stock (on a converted-to common basis) or equity, outstanding warrants (on an as-exercised-and-converted-to-common basis), outstanding options and options reserved for future grants, and any other convertible securities on an as-converted-to-common basis.

The purpose of the ownership requirement is to ensure that a recipient organization is controlled directly by individuals who are U. S. citizens or permanent residents or by firms that are majority-owned by U.

S. citizens or permanent residents. Therefore, actual control of the organization must reside within the eligible ownership majority and may not reside outside of that ownership block.

One of the following must describe the control of the proposing organization - the company must be more than 50% controlled by: One U. S. citizen or permanent resident; or more than one U.

S. citizen or permanent resident; One other U. S.

firm that is directly owned and controlled by U. S. citizens or permanent residents; More than one other U.

S. firm, each of which is directly owned and controlled by U. S.

citizens or permanent residents; or Any combination of the above. Cost Principles for For-Profit Organizations: For-profit entities are subject to the cost principles contained in the Federal Acquisition Regulation, Part 31 . Legal Right to Work: The PI and all employees of the proposing organization who will receive Safe-OSE funding support must have a legal right to work in the U.

S. for the proposing organization. V.

Proposal Preparation And Submission Instructions A. Proposal Preparation Instructions Preliminary Proposals (required) : Preliminary proposals are required and must be submitted via Research. gov, even if full proposals will be submitted via Grants.

gov. Preliminary proposals to the Safe-OSE solicitation require the following sections of a proposal: Cover Sheet, Project Summary, Project Description, References Cited, and Letters of Collaboration (uploaded as Other Supplementary Documents).

Proposers must include a Project Description of up to five (5) pages addressing the following: Describe the current status of the targeted OSE and provide pointers to the OSE managing organization and the public repositories for the open-source product. As the PAPPG does not permit URLs in the Project Description, use the References Cited section of the proposal to identify the appropriate resources.

Describe the national/societal/economic impacts of the OSE. Articulate the targeted classes of safety, security, and/or privacy vulnerabilities to be addressed and the broader impacts of addressing them. Discuss, as appropriate, the potential attacks that could take advantage of these vulnerabilities.

Briefly describe a development plan to address these vulnerabilities. Briefly describe an evaluation plan to assess the efficacy of the work. Provide information to substantiate compliance with the eligibility requirements.

Letters of Collaboration: Include a minimum of three and up to five letters of collaboration from representatives of end-user organizations who have a working knowledge of the open-source product that is the subject of the preliminary proposal and the associated vulnerabilities.

Each letter writer should succinctly describe how their organization is impacted by the vulnerabilities described in the preliminary proposal and their motivation for having these vulnerabilities addressed. These letters do not have to conform to the standard format specified in the PAPPG.

Letters from Federal, State, and/or local governments and/or Tribal Nations are welcome, but for government users a point of contact with whom NSF can follow up may suffice in lieu of a letter.

In addition to the above information, each letter of collaboration (not to exceed two pages) must include the name of the letter writer, current affiliations (institution or place of employment), and relationship to the members of the proposing team. All letters must be uploaded as Other Supplementary Documents. NSF will review the preliminary proposals and provide binding "Invite" or "Do Not Invite" responses.

Invited organizations will be allowed to submit a proposal on the project described in the preliminary proposal by the full-proposal submission deadline. Full Proposal Preparation Instructions: Proposers may opt to submit proposals in response to this Program Solicitation via Research. gov or Grants.

gov. Full Proposals submitted via Research. gov: Proposals submitted in response to this program solicitation should be prepared and submitted in accordance with the general guidelines contained in the NSF Proposal and Award Policies and Procedures Guide (PAPPG).

The complete text of the PAPPG is available electronically on the NSF website at: https://www. nsf. gov/publications/pub_summ.

jsp? ods_key=pappg . Paper copies of the PAPPG may be obtained from the NSF Publications Clearinghouse, telephone (703) 292-8134 or by e-mail from nsfpubs@nsf.

gov . The Prepare New Proposal setup will prompt you for the program solicitation number. Full proposals submitted via Grants.

gov: Proposals submitted in response to this program solicitation via Grants. gov should be prepared and submitted in accordance with the NSF Grants. gov Application Guide: A Guide for the Preparation and Submission of NSF Applications via Grants.

gov . The complete text of the NSF Grants. gov Application Guide is available on the Grants.

gov website and on the NSF website at: ( https://www. nsf. gov/publications/pub_summ.

jsp? ods_key=grantsgovguide ). To obtain copies of the Application Guide and Application Forms Package, click on the Apply tab on the Grants.

gov site, then click on the Apply Step 1: Download a Grant Application Package and Application Instructions link and enter the funding opportunity number, (the program solicitation number without the NSF prefix) and press the Download Package button. Paper copies of the Grants. gov Application Guide also may be obtained from the NSF Publications Clearinghouse, telephone (703) 292-8134 or by e-mail from nsfpubs@nsf.

gov . See PAPPG Chapter II. D.

2 for guidance on the required sections of a full research proposal submitted to NSF. Please note that the proposal preparation instructions provided in this program solicitation may deviate from the PAPPG instructions. Proposal Preparation Instructions: Proposers should submit proposals in response to this Program Solicitation via Research.

gov. IMPORTANT: Institutions submitting proposals to this solicitation must have an active UEI (Unique Entity Identifier) through SAM. gov .

Please note: Registration through SAM. gov can take several weeks. Collaborative Proposals .

If a proposal involves multiple organizations, it must be submitted as a single proposal with sub-awards; separately submitted collaborative proposals ("linked collaboratives") are not permitted. The following instructions supplement guidelines in the PAPPG and the NSF Grants. gov Application guide.

Title . Proposal titles must begin with "NSF Safe-OSE " followed by a colon (":"), and then the title of the project. For example, a proposal could have a title of the form NSF Safe-OSE: Title.

Project Summary . The last line of the Project Summary must have a prioritized list of 2-5 keywords that best characterize the technical field and impact area in which the OSE operates. The keywords must be words (or phrases) that describe the primary impact area for the OSE - e.

g. , "Artificial Intelligence", or "Healthcare", etc. The list should start with "Keywords:" followed by a list of keywords separated by semi-colons (";").

Project Description . Invited proposers should include a Project Description of up to fifteen (15) pages that addresses the following: Describe the current status of the targeted OSE and provide pointers to the OSE managing organization and the public repositories for the open-source product.

As the PAPPG does not permit URLs in the Project Description, use the References Cited section of the proposal to identify the appropriate resources. Describe the national/societal/economic impacts of the OSE.

This program will prioritize funding for OSEs where safety/security/privacy improvements will have demonstrable benefits to society and/or the economy and/or contributions to national infrastructure with respect to societal and/or economic safety, security, and privacy. Describe, where appropriate, what other products depend upon the safe, secure, and privacy-preserving function of the OSE.

Articulate the targeted classes of safety, security, and/or privacy vulnerabilities to be addressed and the broader impacts of addressing them. Discuss, as appropriate, the attack methods being targeted, including technical (e. g.

, vulnerabilities in code and side-channels potentially disclosing sensitive information) and/or socio-technical (e. g. , supply chain issues, insider threats, etc.

and lack of compliance) methods. Describe any known, prior instances of such attacks, risks, or potential attacks exploiting the targeted vulnerabilities. Provide a detailed development plan to address these vulnerabilities.

The plan should include key milestones with separate subsections pertaining to the first year and the second year of the award period. For software-focused OSEs, describe, as appropriate, any important technical considerations such as the use of memory-safe languages and/or software bills of materials. Describe an evaluation plan to assess the efficacy of the proposed work and the achievement of key milestones.

The plan should include metrics for measuring success and any tools or benchmarks (if applicable) to be used during the evaluation. Ideally, the evaluation plan will include testing/validation opportunities for existing users. Provide information to substantiate compliance with the eligibility requirements (See Section IV above).

Budget and Budget Justification. Proposal budgets should comply with the following guidelines: The maximum budget shown on the Cover Sheet and on the budget must not exceed $1,500,000, with no more than $500,000 budgeted for the first year of the proposal. Proposals with budgets in excess of these limits will be returned without review.

Senior/Key Personnel (Line A) and Other Personnel (Line B) IHEs; State and Local Governments (see the solicitation for eligibility details) For existing employees: Personnel on budget lines A and B may request salary support at a rate up to their current salary rate. The budget justification should include a statement for each person affirming that the requested salary rate is no greater than the current salary rate for the person.

For new employees: Salary rates must be consistent with the established, written policies of the organization Non-profit and for-profit organizations: The requested Phase I salary rates for personnel on budget lines A and B should be no greater than the relevant 75th percentile Bureau of Labor Statistics (BLS) rate ( https://www. bls.

gov/ ) corresponding to the responsibilities of the position and geographic location where the work will be carried out, and for each employee the budget justification must include a Standard Occupational Classification (SOC) code and a live link to the relevant BLS web page. NSF may question the reasonableness of any personnel salary rates that exceed the relevant 75th percentile BLS rate.

Any rates exceeding this level must be strongly justified in the budget justification. Note that NSF does not recognize the C-level roles for the determination of salary rates - the BLS rates must correspond to specific responsibilities.

Note that the normal 2-month per year limit on salary support is not enforced in the Safe-OSE program, but requests for support in excess of 2 months per year will need an explicit justification per PAPPG II. D. 2.

f. (i)(a). Use 173.

33 hours per month in salary calculations, where appropriate. All personnel on Lines A and B of the main budget must be employees of the proposing organization. In the budget justification provide title, salary rate information, time commitment, total requested salary, and a description of responsibilities for the PI and other Senior/Key Personnel (Line A) and for all Other Personnel listed in budget Line B.

The number of calendar months shown in the budget should reflect the number of person-months for which Safe-OSE funding is requested.