OSTIF joins the Sovereign Tech Fund’s Bug Resilience Program

The Sovereign Tech Fund and the Open Source Technology Improvement Fund (OSTIF) are collaborating upon multiple security reviews for open source projects. As part of STF’s Bug Resilience Program, we are organizing and providing projects that are rooted in infrastructure with audits and engagements to reduce their open and undiscovered…

Continue ReadingOSTIF joins the Sovereign Tech Fund’s Bug Resilience Program

PHP-TUF Audit Complete!

The Drupal project partnered with OSTIF for a series of audits on key technology to support supply chain security for automatic updates. Specifically, the PHP-TUF client-side library and its server-side Rugged counterpart underwent a security audit by Include Security organized by OSTIF. The Update Framework (or “TUF”) is a cryptographically-secure…

Continue ReadingPHP-TUF Audit Complete!

Securing Open-Source Infrastructure with Trail of Bits

OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then our two companies have worked together on 12 security…

Continue ReadingSecuring Open-Source Infrastructure with Trail of Bits

Amazon Web Services & Eclipse Foundation Security Audit Impact Report 2023

In collaboration with Amazon Web Services and the Eclipse Foundation, OSTIF is excited to release our Independent Security Audit Impact Report for 2023! Over the past year, OSTIF worked with 10 projects to complete third-party security audits with funding supplied by AWS and the EF. The engagement oversaw 24 new…

Continue ReadingAmazon Web Services & Eclipse Foundation Security Audit Impact Report 2023

2023 Cloud Native Computing Foundation Audit Impact Report

We at OSTIF are excited to announce the 2023 Cloud Native Computing Foundation Audit Impact Report. This is the second year of the program between the two organizations, which combines funding and projects from the CNCF with OSTIF’s auditing resources to synthesize security engagements. Over the last two years, this collaboration…

Continue Reading2023 Cloud Native Computing Foundation Audit Impact Report

50th Audit Milestone

Open Source Technology Improvement Fund (OSTIF) is beyond proud to announce the completion of our 50th security audit. Since 2015, the nonprofit organization has worked to provide actualized security support to open source projects in a way that is transparent, public, and impactful. We work with open source projects that…

Continue Reading50th Audit Milestone