Requests, CacheControl, and urllib3 Audits Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of Requests, CacheControl, and urllib3. Requests is a widely used, elegant HTTP library for Python, designed to make HTTP requests simple and human-friendly; CacheControl is a port of the caching algorithms from httplib2 for…


DEfO Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security engagement on Developing ECH for OpenSSL (“DEfO”). DEfO is an open source implementation of Encrypted Client Hello (ECH) for OpenSSL, and provides proof-of-concept implementations for various clients and servers that use OpenSSL as a demonstration…


zlib Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of zlib. Zlib is an open source lossless data-compression library for use on virtually any computer hardware and operating system. Thanks to the efforts of 7ASecurity and the Sovereign Tech Resilience Program, this project underwent…


2025 Annual Report

2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…


conda-forge Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of conda-forge. conda-forge is a community-driven open source repository of conda package manager recipes. With the help of 7ASecurity and the Sovereign Tech Agency, this project has invested in its longevity and security health…


Logback Audit Complete!

OSTIF is proud to share the results of our security audit of Logback. Logback is an inclusive, fast, and adaptable logging framework for Java. With the help of 7ASecurity and the Sovereign Tech Agency, this project continues to provide reliable and flexible architecture for Java applications. Audit Process: This engagement…


Linkerd Audit Complete!

The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of Linkerd. Linkerd is an open source service mesh for Kubernetes which prioritizes reliability, security, and simplicity. Thanks to the help of 7ASecurity and the Cloud Native Computing Foundation, this project can continue…
