Safe‑OSE: Hardening the HDF5 Ecosystem Together - Gerd Heber on Call the Doctor 12/2/25
HDF5 quietly sits in the critical path of science, industry, and national security: from climate models and telescopes to nuclear simulations, finance, and health data. That also makes it part of our software supply chain – and a tempting target or an accident waiting to happen. Over 100 HDF5‑related CVEs have been reported since 2016, with issues ranging from denial‑of‑service to potential code execution.
Safe‑OSE (Safe Open‑Source Ecosystems) is the name of an NSF program under which The HDF Group was awarded funding for its project titled “NSF‑Safe‑OSE: Strengthening HDF5 for Science, Industry, and National Security Applications” (Award #2534078). This is our initiative to systematically strengthen the HDF5 ecosystem’s safety, security, and privacy posture. It combines a structured audit of HDF5 and its ecosystem, concrete mitigation work in the core library and extensions, and ongoing community processes around threat modeling, secure development, and training.
In this 20‑minute clinic, The HDF Group’s Gerd Heber will outline the Safe‑OSE vision, how it connects to the existing S2‑D2 research project on securing self‑describing data formats, and what this could mean for your code, your data, and your users. We’ll also introduce a new HDF5 Security SIG and concrete ways you can get involved—from sharing use cases, to helping with threat modeling, to piloting secure plugins and tools.
To join, just jump on the Zoom:
Launch Meeting - Zoom
December 2, 2025, 12:20 p.m. Central Time (US/Canada)
This material is based upon work supported by the National Science Foundation under Federal Award No. 2534078. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
