Many open source software (OSS) projects need more human resources for maintenance, improvements, and sometimes even their survival. These needs allegedly apply even to vital OSS projects that can be seen as being a part of the world's critical infrastructures. To address this resourcing problem, new funding instruments for OSS projects have been established in recent years. The paper examines two such funding bodies for OSS and the projects they have funded. The focus of both funding bodies is on software security and cyber security in general. Based on qualitative thematic analysis, the results indicate that particularly OSS supply chains, network and cryptography libraries, programming languages, and operating systems and their low-level components have been funded and thus seen as critical in terms of cyber security. In addition to the qualitative results presented, the paper makes a contribution by connecting the research branches of critical infrastructure and sustainability of OSS projects. A further contribution is made by connecting the topic examined to recent cyber security regulations. Finally, an important argument is raised that neither cyber security nor project sustainability alone can entirely explain the rationales behind the funding decisions made by the two funding bodies.