Open Source Technology Improvement Fund
The Open Source Technology Improvement Fund is a corporate non-profit dedicated to securing open source apps that we all depend on. Securing software isn’t easy, and we know what it takes to succeed. By facilitating security audits and reviews, OSTIF makes it easy for projects to significantly improve security.
Connecting Security Experts
We maintain a global community of researchers and auditors who specialize in open-source security, and can quickly organize major initiatives when the need arises.
Our team navigates the complexities of procuring security resources so you don’t have to.
Cost-effective and productive audits
Leading research suggests that focused, properly scoped security reviews result in significant and impactful improvements.
Our proven methodology and deep expertise allow us to deliver audits effectively and efficiently.
Better Security Through Community
Through the Open Source Technology Improvement Fund, projects have been able to find and fix critical security bugs. Working together, we have protected millions of technology users around the globe.
10
partner projects
25+
sponsors
3000+
hours of audits
100+
bugs patched
billions
protected
Support the OSTIF Mission
Open-source projects keep today’s Internet infrastructure afloat. They are critical for the operation of every webserver, every browser, and every banking platform. And they are cared for by a surprisingly small group of people with a limited amount of time. Without dedicated security experts, these projects often don’t get the attention they require.
We can do it with help from supporters like you.
Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software Announcement: Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software. OSTIF is elated to announce that we are planning to… Read more »
A Review of the Linux Kernel’s Release Signing and Key Management Policies The Linux Foundation sought a review of the kernel teams’ processes for release signing and for the policies and procedures for the handling of the signing keys. Working with OSTIF,… Read more » A Review of the Linux Kernel’s Vulnerability Reporting and Remediation The Linux Foundation has sponsored a review of the Linux Kernel's practices and policies around how security vulnerabilities are reported to the kernel team, how those reports are processed and… Read more »