The Open Source Technology Improvement Fund is a corporate non-profit dedicated to securing open source apps that we all depend on. Securing software isn’t easy, and we know what it takes to succeed. By facilitating security audits and reviews, OSTIF makes it easy for projects to significantly improve security.

Connecting Security Experts

We maintain a global community of researchers and auditors who specialize in open-source security, and can quickly organize major initiatives when the need arises.

Our team navigates the complexities of procuring security resources so you don’t have to.

Learn more about OSTIF »

Cost-effective and productive audits

Leading research suggests that focused, properly scoped security reviews result in significant and impactful improvements.

Our proven methodology and deep expertise allow us to deliver audits effectively and efficiently.

OSTIF supported projects »

Better Security Through Community

Through the Open Source Technology Improvement Fund, projects have been able to find and fix critical security bugs. Working together, we have protected millions of technology users around the globe.

partner projects


hours of security review

bugs patched


Support the OSTIF Mission

Open-source projects keep today’s Internet infrastructure afloat. They are critical for the operation of every webserver, every browser, and every banking platform. And they are cared for by a surprisingly small group of people with a limited amount of time. Without dedicated security experts, these projects often don’t get the attention they require.

We can do it with help from supporters like you.

Become a SponsorDonate Today

Our Audit of CRI-O is Complete – High Severity Issues Found and Fixed Open Source Technology Improvement Fund is thrilled to report the results of a security audit of CRI-O. CRI-O is an open source software (OSS) project that is an implementation of… Read more »
Our Audit of Flux2 is Complete We have been working with the team over at the Flux project on a security review and improving their tooling. The Cloud Native Computing Foundation contacted us a few months… Read more »
OSTIF has Received Another Contribution from DuckDuckGo Duckduckgo, the privacy search engine, has contributed to OSTIF for a second time by donating $25,000 USD. Their site that tracks their charitable donations Spread Privacy has the official announcement.… Read more »