HDF5 SHINES - The HDF Group - ensuring long-term access and usability of HDF data and supporting users of HDF technologies

US NSF official logo

Strengthening Safety, Security, and Privacy in the HDF5 Ecosystem

An Award of the U.S. National Science Foundation Safe-OSE Program

The HDF Group has been selected as one of eight inaugural awardees under the National Science Foundation’s Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) program.

Our Mission

This project focuses on addressing critical safety, security, and privacy vulnerabilities in HDF5, strengthening the resilience of an ecosystem that serves thousands of organizations worldwide in fields ranging from scientific research to national security.

Duration	October 1, 2025 – September 30, 2027
Sponsor	National Science Foundation
Program Name	Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE)
Award Number	2534078
Project Title	NSF-Safe-OSE: Strengthening HDF5 for Science, Industry, and National Security Applications
Short Title	HDF5 SHINES
Project Goals	Identify and address vulnerabilities in HDF5 core libraries Strengthen CI/CD infrastructure to prevent security issues before deployment Build community capacity to maintain safety, security, and privacy improvements long-term Create security best practices documentation for HDF5 developers and users
Principal Investigator	Gerd Heber, Executive Director, The HDF Group

Get Involved

Let us know your concerns and priorities
- Take our survey
- Submit your ideas, get monthly update highlights, and learn about upcoming events on the Community Forum
Quarterly Community Calls will be scheduled starting in early 2026
Special Interest Group: We’re assembling a SIG to guide our priorities. If you represent a major HDF5 stakeholder organization and would like to participate, please contact us.
Join the HDF5 SHINES Mailing lists
- Open, low-traffic announcements from the HDF5 SSP SIG: On the web or email hdf5-ssp-announce+subscribe@groups.io to join
- Open list for general discussion of HDF5 SSP topics: On the web or email hdf5-ssp-discuss+subscribe@groups.io to join

Save the Date and meet us in San Diego!

Mark your calendars! SHINES and The HDF Group’s Safety, Security, and Privacy (SSP) initiative is heading to SSDBM ’26 (the 38th International Conference on Scientific and Statistical Database Management). We are thrilled to announce that we are co-locating a dedicated afternoon of specialized programming at the conference on Wednesday, August 12, 2026.

This co-located session will bring together researchers, developers, and practitioners to discuss the unique security and privacy challenges native to high-performance scientific data management, alongside the technical milestones achieved through the HDF5 SHINES project. We will dive deep into vulnerability lifecycle advancements, dependency mapping, and modern supply-chain standards for scientific infrastructure. Full program schedule, speaker line-ups, and registration links will be released in the coming weeks.

The HDF5 SHINES Roadmap: Latest Updates & Milestones

📺 Webinars & Recordings

Advancing HDF5 Security: New CNA Status & Digital Signatures – Call the Doctor with Glenn Song (April 7, 2026)
The HDF5 Safety, Security, and Privacy (SSP) Survey — Update – Call the Doctor with Gerd Heber (March 3, 2026)
SBOMs & Sunshine: The HDF5 SHINES Check-In – Call the Doctor with Gerd Heber (Feb 3, 2026)
Securing the HDF5 Ecosystem: A Comprehensive Review of CVE Findings – Call the Doctor with Neil Fortner (Jan 20, 2026)
SAFE-OSE: Hardening the HDF5 Ecosystem Together – Call the Doctor with Gerd Heber (Dec 2, 2025)

✍️ Technical Deep Dives & Blogs

The New HDF5 Vulnerability Disclosure Policy
The HDF Group Designated as a CVE Numbering Authority, Taking Control of the HDF5 Vulnerability Lifecycle – Press Release
Strengthening the HDF5 Ecosystem: Updates from the NSF SHINES Initiative – NSF SHINES Newsletter #1
HDF5 2.0.0 Library Migration Guide
Safety, Security, and Privacy in HDF5: A Shared Vocabulary – Setting the stage for our security-first culture.
The HDF Group Receives U.S. National Science Foundation (NSF) Safe‑OSE Award to Strengthen HDF5 Security for Science, Industry, and National Security – Press Release

This material is based upon work supported by the U.S. National Science Foundation under Federal Award No. 2534078. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.