• Assistant Director

Sara Ann Brackett

Sara Ann Brackett is an Assistant Director with the Cyber Statecraft Initiative, part of the the Atlantic Council Tech Programs. She focuses her work on open-source software security (OSS), software bills of materials (SBOMs), software liability, and software supply-chain risk management within the Initiative’s Systems Security portfolio.

Brackett graduated from Duke University, where she majored in Computer Science and Public Policy and wrote a thesis on the effects of market concentration on cybersecurity. She participated in the Duke Tech Policy Lab’s Platform Accountability Project and worked with the Duke Cybersecurity Leadership Program as part of Professor David Hoffman’s research team.

December 2024

The Eight Body Problem: Exploring the Implications of Salt Typhoon 

by Cyber Statecraft Team

The Cyber Statecraft community and friends offer their thoughts on the implications of the Salt Typhoon campaign based on what is known to date, what the campaign says about the last four years of cybersecurity policy, and where policymakers should focus in the months ahead.
read more
April 2024

O$$ Security: Does More Money for Open Source Software Mean Better Security? A Proof of Concept

by Sara Ann Brackett, John Speed Meyers, Stewart Scott

A proof-of-concept study looking for correlation between open source software project funding and security practices at scale.
read more
January 2024

Design Questions in the Software Liability Debate

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.
read more