The Open Source Technology Improvement Fund is a corporate non-profit dedicated to securing open source apps that we all depend on. Securing software isn’t easy, and we know what it takes to succeed. By facilitating security audits and reviews, OSTIF makes it easy for projects to significantly improve security.

Better Security Through A Massive Community



Through the Open Source Technology Improvement Fund, projects have been able to find and fix critical security bugs.

partner projects

world class security experts

hours of security review

severe bugs patched


Support the OSTIF Mission

Open-source projects keep today’s Internet infrastructure afloat. They are critical for the operation of every webserver, every browser, and every banking platform. And they are cared for by a surprisingly small group of people with a limited amount of time. Without dedicated security experts, these projects often don’t get the attention they require.

We can do it with help from supporters like you.

Become a Sponsor

Bugs? Search Me!- OpenSearch Security Audit Completed! OSTIF and X41-Dsec collaborated with OpenSearch on a security audit on v. 2.8.0 of the open source search engine. As a search engine, this project handles sensitive data and therefore… Read more »
jKube Security Audit Completed! OSTIF and Trail of Bits coordinated and executed a security audit of Eclipse JKube, an Eclipse Foundation project. Eclipse JKube is an assembly of plugins and libraries for building container… Read more »
OSTIF’s Favorite Bug- DragonFly! This summer, over four engineer weeks, Trail of Bits and OSTIF collaborated on a security audit of DragonFly. A CNCF Incubating Project, DragonFly functions as file distribution for peer-to-peer technologies.… Read more »