OSTIF would not be possible without our fantastic collaborators, partnerships, funders, and friends. Over the past 10 years, we’ve met so many amazing people, several of whom we have the utmost privilege of working with. It is deeply important to us that we give credit where credit is due. OSTIF wants to raise the visibility of our community and contributors through our new Community Spotlight Program.

Every quarter, we will share a brief introduction and interview with an OSTIF community member. These are individuals or firms who work with us, support us, and help us improve open source security. Often, their work with us is a small part of their involvement in open source. We would like this program to highlight skills, experience, and impact to the community and to OSTIF. Hopefully, our community will learn more about each other and the ecosystem through these candid interviews with individuals and organizations working with open source. Ultimately, open source is possible because of people, and we’d like to introduce you to some of the best people we know. 

001.2025 Community Spotlight: David Korczynski and Adam Korczynski of Ada Logics

David Korczynski and Adam Korczynski are the founders of ADA Logics, a security firm working out of London, United Kingdom. The company was founded in Oxford, UK and has worked with OSTIF on over 30 engagements since 2021. Specializing in fuzzing work, the firm also offers pentesting, code review, and supply chain security expertise, with particular experience in LLMs and Kubernetes. From Cloud Native Computing Foundation projects to energy infrastructure, OSTIF trusts David and Adam to execute work to their very high standards.

Additionally, we’ve had the opportunity to hang out with them all over the world, and can confirm they are wonderful (and very tall) folks to spend time with.

 

Please provide a quote about your relationship or work with OSTIF. What do we do together and what does it mean to you?

Adam: I work with OSTIF on security audits for open source software. We audit a wide range of software projects from low-level packages to cloud native projects and everything in between.

David: Work with OSTIF on security audits of critical open source projects. We have worked together for several years and the collaboration is important to me. OSTIF pushes an agenda of securing widely used open source projects in a cost-effective manner, often with funds from larger organisations that have infinitely many more resources than the open source projects, OSTIF or us. To this end, I’m proud of working alongside OSTIF as I consider it a positive-sum game through and through.

How did you get involved in open source?

Adam: I started out by contributing to a small set of projects and then my involvement grew. In my early days with open source, I got involved in a handful of projects where I could make a big impact. After that, my involvement in the community grew, and I began contributing to open source in more ways such as more projects, public speaking and technical writing. Even when I don’t contribute, I learn a lot from the open-source community: code practices, software development practices, security research, testing practices and adoption and usage of the latest tools.

David: I was introduced to developing and contributing to open source during my PhD as we published tools in open source, and I leveraged a lot of open source tooling as part of my research. It was a big eye opener when I first got involved in open source, because it felt like an enormous ocean of exciting and interesting projects immediately accessible. Open source is great for a curious mind because you have so much opportunity to look around how projects get built and how ecosystems form. As such, I first got involved in open source proper as part of my research efforts.

What open source communities are you involved in?

Adam: I contribute security work to many different ecosystems. Currently, I am quite involved in several fuzzing projects such as OSS-Fuzz, Fuzz-Introspector, OSS-Fuzz-Gen, and outside of fuzzing, the cloud-native ecosystem, the Sigstore ecosystem and OSSF’s Scorecard project. I have also recently been involved in critical infrastructure projects for power grid management.

David: I am mainly involved in open source communities around software security and vulnerability finding. This includes tool development for automating software security and applying these tools to open source projects. I’m particularly involved with fuzzing related projects, such as OSS-Fuzz.

How do you define your relationship with OSTIF?

Adam: Over the years we have worked together on a wide range of audits, and I find it difficult to recall two audits that have been identical. As such, I would say our relationship is one where we find ways to bring security auditing to projects that may not have undergone auditing before in addition to projects that have been audited with vast resources.

David: As a collaboration based on good intentions and a positive-sum outlook for software. I see it as a professional relationship based on a vision I support, which makes for a great personal relationship in a sense.

Who is someone you admire in open source? What do you appreciate about them?

Adam: Open source has many silent heroes who write and maintain great software that is free to use for everyone. An example of such heroes is Tatu Saloranta of the Jackson projects who has written a great suite of software projects that is critical to the world. Of security-specific work, I am thankful to the creators of AddressSanitizer which has drastically improved the security of both open source and closed source memory-unsafe software.

David: In general I tend to admire basically everyone involved in open source. There is so much diversity in open source and I find that you can pick and choose where you place yourself, which makes it a comfortable space to operate in as you can position yourself in those areas you like.

Why do you work in open source? Is there an event, person, or project that inspires you?

Adam: I can think of three reasons that motivate me:

  1. Open source has a low barrier of entry. Anyone can read the documentation and source code of open source software, identify problems and start contributing. 
  2. Open source has wide usage, and when you contribute, you can impact millions of users in a direct or indirect way.
  3. Specific to security, I love that we as a community can keep users of open source software safe. Whenever we build great open source tools or identify specific security vulnerabilities in software, I like to think that we change the future for the better. For example, when we audit software and find and patch security vulnerabilities, at some point in the future, a threat actor with malicious intentions could have used the vulnerability to harm users, but we prevented that scenario from materialising. Or when we build great tools, we give researchers and users abilities to solve problems that could cause great harm to users and society.

David: I work in open source to some extent because my career took this path, which was a quite natural flow for me. The more you contribute, the more you get involved, and things start to compound. There are many inspiring open source projects and I think I get inspired by almost all open source projects based on the sole merit that someone has created something that is accessible to the entire world. That simple principle makes up for great inspiration to me.

What do you want the community to know about you or your work?

Adam: I am a security engineer and researcher at Ada Logics in London and work on security auditing, fuzzing, security tooling, supply-chain security and infrastructure security. I am always happy to talk, so do connect with me via email, LinkedIn or on Slack.

David: I work in open source software security and I’d be happy to engage with anyone participating in this area as well. To this end, I am a big believer in developing open source vulnerability analysis tooling that can be used widely by open source tools themselves, and this is what I like to do on a daily basis.

 

OSTIF thanks David Korczynski and Adam Korczynski for their hard work for open source security, as well as their willingness to be our first Community Spotlight honorees. If you would like to read about some of the audits we’ve done together, check out the ADA Logics tag on ostif.com.

 

Keep up with ADA Logics

WEBPAGE: adalogics.com 

LINKEDIN: ADA Logics, David Korczynski, Adam Korczynski

TWITTER/X: https://x.com/adalogics?lang=en 

GitHub: https://github.com/AdaLogics 

Contact them: https://adalogics.com/contact