Overall Costs
We asked the authors of each stream proposal to develop an approach that was both pragmatic and ambitious, that scaled up existing efforts or applied proven techniques from one part of the OSS ecosystem to the rest, and that set meaningful goals achievable within the first two years if sufficiently resourced. We asked them to develop a budget for these approaches that was both lean and realistic, so as to determine the rough magnitude of investment required to provide high confidence that these goals could be met, though as noted earlier there are many factors that could push these costs either upwards or downwards. Even so, we feel the estimates below adequately set expectations for the scope of investment required, with perhaps a 50% margin of error in either direction. As with all such work, there are three variables at play: time, money, and scope. We anticipate all three evolving as our work on the plan continues, driving towards a moment where funding, leadership, and approach are locked in and the “first year” clock starts.
In that spirit, we feel the table below represents an investment portfolio that, while non-trivial, has an immense potential for substantially greater returns in the form of fewer attacks and less disruption. We are eager to work with academics and researchers who might help us quantify that value in the form of fewer data breaches (and fines), less system downtime due to rushed upgrades, fewer cybersecurity insurance pay-outs and lowered premiums, and other signs that these investments will pay off.
| STREAM | FIRST YEAR | SECOND YEAR |
|---|---|---|
| 1. Baseline Secure Software Development Education | $4.5M | $3.5M |
| 2. Risk Assessment Dashboard for OSS | $3.5M | $3.9M |
| 3. Digital Signatures to Deliver Enhanced Trust | $13M | $4M |
| 4. Replacement of Non-Memory-Safe Languages | $5.5M | $2M |
| 5. Open Source Security Incident Response Team | $2.75M | $3M |
| 6. Accelerate Discovery and Remediation of New Vulns | $15M | $11M |
| 7. Third Party Audits/Code Reviews and Remediation | $11M | $42M |
| 8. Data Sharing to Determine Critical Projects | $1.85M | $2.05M |
| 9. SBOMs Everywhere: Security Use Cases, Tooling | $3.2M | TBD |
| 10. Build Systems, Package Managers, and Distribution Systems | $8.1M | $8.1M |
| Total | $68.4M | $79.5M |