Bugs? Search Me!- OpenSearch Security Audit Completed!

OSTIF and X41-Dsec collaborated with OpenSearch on a security audit on v. 2.8.0 of the open source search engine. As a search engine, this project handles sensitive data and therefore security is of utmost importance to project users, maintainers, and community. The main objective of this security audit was to…

Continue ReadingBugs? Search Me!- OpenSearch Security Audit Completed!

OSTIF’s Favorite Bug- DragonFly!

This summer, over four engineer weeks, Trail of Bits and OSTIF collaborated on a security audit of DragonFly. A CNCF Incubating Project, DragonFly functions as file distribution for peer-to-peer technologies. Included in the scope was the sub-project Nydus’s repository that works in image distribution. The engagement was outlined and framed…

Continue ReadingOSTIF’s Favorite Bug- DragonFly!

Dampening Vulnerabilities in Dapr: Security Audit of Dapr

In May and June of 2023, OSTIF and ADA Logics worked with the open source project Dapr on a holistic security audit. The Distributed Application Runtime (or Dapr) is a project for building distributed applications across cloud and edge. It is an easy, portable, and serverless way to build sustainable…

Continue ReadingDampening Vulnerabilities in Dapr: Security Audit of Dapr

OSTIF collaborates with the Envoy Team to further improve security posture.

Envoy, the open source edge and service proxy designed for cloud-native applications, worked with OSTIF and X41 D-Sec to help improve the project’s security posture. The multi-phased engagement, sponsored by Google, focused first on the triaging and closing of bugs, then upon further improving the core fuzzers that continually monitor…

Continue ReadingOSTIF collaborates with the Envoy Team to further improve security posture.

OSTIF completes Security Audit of Crossplane- improved across the board!

Crossplane underwent a successful third party security audit by ADA Logics with the support of Open Source Technology Improvement Fund (OSTIF). Used by firms such as JP Morgan, Time Warner, and MIT Lincoln Lab, the project is considered Incubating at CNCF. Over the first half of 2023, the multi-cloud control…

Continue ReadingOSTIF completes Security Audit of Crossplane- improved across the board!

OSTIF’s Security Audit of K-9 Mail is Complete!

Open Source Technology Improvement Fund (OSTIF), K-9 Mail, and 7ASecurity collaborated on a security audit of the Mozilla K-9 email application. K-9 is an open source email application and runs on most Android phone systems. Ideally, the application is reliable, intuitive, and secure to use. Not only critical to Android…

Continue ReadingOSTIF’s Security Audit of K-9 Mail is Complete!

OSTIF’s Audit of Equinox P2 is Complete!

The Eclipse Foundation’s Equinox P2 was audited by Include Security in November 2022. Equinox P2 is a provisioning platform, started by IBM in 2001. The Eclipse Foundation was founded three years later to act as an open, non-for-profit leader of the Eclipse Project community.  OSTIF was contacted by the Foundation,…

Continue ReadingOSTIF’s Audit of Equinox P2 is Complete!

Our Audit of libjpeg-turbo is Complete!

OSTIF and X41 are excited to announce the completion of our security audit of libjpeg-turbo! X-41 DSec and OSTIF collaborated in May of 2023 on a source code audit of libjpeg-turbo, the accelerated JPEG image decoding software.  The audit’s emphasis was on reviewing input validation, memory management practices, and analysis…

Continue ReadingOur Audit of libjpeg-turbo is Complete!