Amazon Web Services Supports Open Source Technology Improvement Fund

Amir Montazery, Managing Director, Open Source Technology Improvement Fund, Inc (OSTIF)

The OSTIF team is absolutely thrilled to announce that we’ve reached an agreement with Amazon Web Services (AWS) to provide $500,000 in funding. The funding from AWS will help OSTIF scale our ability to find and fix vulnerabilities in critical open source projects. In particular, the goal is to improve the sustainability of upstream projects commonly used in the open source ecosystem.  

“2022 proved to be an impactful year for OSTIF, as we executed over 20 security engagements for critical open source projects; resulting in over 35 Critical/High Vulnerability patches and upwards of 165 total security improvements. Approximately 50 automated security tools, such as fuzzers and CI implementations, were developed to continuously monitor these projects, providing long-term benefits to security posture. The support from AWS will allow us to continue to do that into 2023 and scale our ability to help critical open source projects that everyone depends on.” 

– Amir Montazery, Managing Director, OSTIF

“Creating healthy and sustainable open source communities is the guiding principle behind our open source investments. By sponsoring OSTIF and OpenSSF, we are helping to ensure the long-term security and viability of critical open source software projects that will benefit our customers, AWS, and the entire information technology ecosystem..” 

– Mark Ryland, Director, Office of the CISO, Amazon Web Services

For more information on the type of security work OSTIF is doing, check out some recent posts:

  • Git – Critical Vulnerabilities found and addressed in the world’s most widely-used version control system.  
  • Google/OpenSSF Impact Report – Summary of work done for Google and Open Source Security Foundation in 2022. 
  • cURL – One of the most widely deployed projects in the world. 

CNCF Impact Report – A collection of security engagements done for Cloud Native Computing Foundation.