January 23, 2023 — The Institute for Security and Technology is working with others to secure the open-source software ecosystem. Now, we are excited to have the support of Omidyar Network, a social change venture that works to reimagine critical systems and the ideas that govern them. 

“Open-source software is the structural building block for the digital infrastructure that supports the modern world. It is of the utmost importance to develop an approach that anticipates vulnerabilities and other risks such as malicious code before they impact the entire Internet infrastructure. The support of Omidyar Network will enable IST to address this challenge through research, convenings, the establishment of a working group, and awareness campaigns,” said Chief Strategy Officer Megan Stifel.

“The safety of the open-source system cannot be emphasized enough. Open-source software is integral to the infrastructure that powers our daily lives, from power grids and hospitals to transportation systems and phones,” said Govind Shivkumar, Director, Responsible Technology at Omidyar Network. “That is why Omidyar Network is proud to support IST as they build a system that is reliable and secure for all to use.”

Through our partnership with Omidyar Network, IST will work to bridge the gap between software developers, standards developing organizations (SDOs), and open source software implementers. 

Using the disclosure of the Log4j software vulnerability as a case study, IST will unpack the security challenges in the open-source software ecosystem and the shortcomings of the existing open-source software maintenance infrastructure. With the support of Omidyar Network, IST will not only identify the problem, but seek out sustainable, stakeholder-driven solutions.