2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of EVerest. EVerest is an open source project hosted by LF Energy, which functions as a firmware stack for EV charging stations. Thanks to efforts by Quarkslab and with support from LF Energy, EVerest…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of CRI-O. CRI-O is an implementation of the Kubernetes Container Runtime Interface (CRI) that is OCI-compliant (-O) that provides the backend between OCI-format container images and the Kubernetes control plane. With the help of…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Kea. Kea is an open source project developed by Internet Systems Consortium (ISC). Described in the audit report as a “modular DHCP server framework… for assigning IPv4 and IPv6 addresses and distributing…
OSTIF is excited to announce our membership in the Open Source Initiative’s Open Policy Alliance. Contributing to cybersecurity policy is part of OSTIF’s mission to educate around the importance of security to sustainable open source longevity. Working with the global community that makes up the Alliance is an honor. We…