The Research Partner Program is for security research teams that actively discover open source supply chain threats as part of their work. Partners contribute verified threat reports to the OSM database on a recurring basis and receive expanded platform access and public recognition in return. The program is invite-only and managed by the OSM team. You may express interest in the program through the Contact Us page.

Who qualifies

Research Partners are security teams at organizations where security is central to the business. The profile is a team that discovers malicious open source assets (packages, repositories, or related infrastructure) as part of their operational or product security work, and has the capability to document and submit those findings in a structured format. To be considered, your team should:
  • Have an active security research function focused on OSS threats
  • Have a documented track record of discovering or reporting malicious open source assets
  • Be associated with an organization (independent researchers are not eligible)
  • Be capable of submitting reports through the submit-threat API
Prospective Research Partners are thoroughly vetted to ensure the relationship is mutually beneficial, and that the Partners have the community’s best interest in mind.

What partners commit to

Research Partners agree to a minimum contribution of at least two (2) threat submission events per week and a monthly minimum number of threat reports. Their contributions are evaluated using the same verification standards applied to all community reports. If a partner team goes inactive, they may be suspended from the program. Teams that don’t resume contributions will be transitioned back to standard community membership.

What partners receive

  • Research Pro access: All partner team members receive Research Pro tier accounts for the duration of the partnership. This provides access to IOCs and threat graphs, the Intel Library, a higher API rate limit, additional custom alerts, and an exclusive researcher community.
  • Leaderboard recognition: Partner teams appear on the Security Researcher Leaderboard as a company, with attribution on every verified report they submit. OSM attributes each verified report to your team by name.
  • Marketing: Significant findings may be featured in OSM blog posts or social media, with your team credited as the source. Partners are periodically recognized in social media and newsletters for contributions.
  • Publishing rights: Research Partner teams may publish original research and threat write-ups on the OSM blog, subject to editorial review.