OSTIF and X41 are excited to announce the completion of our security audit of libjpeg-turbo! X-41 DSec and OSTIF collaborated in May of 2023 on a source code audit of libjpeg-turbo, the accelerated JPEG image decoding software. The audit’s emphasis was on reviewing input validation, memory management practices, and analysis…
During the Spring of 2023, OSTIF, ADA Logics, and The Notary Project collaborated on a security audit of the new Notation libraries. Notation is a CLI project to add signatures as standard items in the registry ecosystem and to build a set of simple tooling for signing and verifying signatures. …
OSTIF is proud to announce the publication of our fourteenth completed audit this year! In association with X41 D-Sec and go-tuf, OSTIF publishes another FOSS security audit after weeks of hard work and dedication. Go-tuf is used to securely run software update systems in Go as part of The Update…
Security is Vital for Vitess! The Open Source Technology Improvement Fund, in collaboration with Ada Logics, is proud to announce the results of a successful security audit for Vitess. Born at Youtube in 2010 to help scale up database interactions, Vitess eventually moved under the umbrella of Cloud Native Computing…
In collaboration with X41 and in-toto, OSTIF is pleased to announce the publication of our audit of in-toto’s source code. In-toto, which has implementations in Python and Go, is a framework software for supply chain security. Integrating security and transparency through the entire process of application, in-toto’s holistic view of…
OSTIF, X41, and c-ares coordinated on a security audit of c-ares’s source code in spring of 2023. C-ares is a library written in C for asynchronous DNS requests, which runs on such applications as Microsoft Windows, Netware, and Android. It was developed at MIT, when a group expanded upon the…
It’s our privilege to announce that OSTIF’s sixth security audit of 2023 is with libcap! This was only possible with the fantastic work of X41 D-Sec and generous support of AWS. Libcap is a library for getting and setting POSIX.1e draft 15 capabilities. The 26 year old project is maintained…
OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41. Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…
Falco joins a growing number of CNCF Projects that completed a third-party security audit organized by OSTIF. A follow up to their 2019 audit, the Falco project requested a new engagement due to changes in the code base since. OSTIF partnered with Quarkslab to complete the audit. An overview of…
Open Source Tech Improvement Fund (OSTIF) is proud to announce that our work with Chainguard on the supply chain review of git for Windows is complete. We'd like to thank Adolfo and John Speed at Chainguard for their work on this review, and Turbo at Github for their help connecting…