2025 Annual Report

2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…

Jan 2025 Community Spotlight: Introduction, David Korczynski and Adam Korczynski of Ada Logics

OSTIF would not be possible without our fantastic collaborators, partnerships, funders, and friends. Over the past 10 years, we’ve met so many amazing people, several of whom we have the utmost privilege of working with. It is deeply important to us that we give credit where credit is due. OSTIF…

NATS Audit Complete!

OSTIF is proud to share the results of our security audit of NATS. NATS is an open source project made by Synadia Communications for secure always-on messaging for a variety of digital formats and clients. With the help of Trail of Bits and the Cloud Native Computing Foundation, this project…

Linkerd Audit Complete!

The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of Linkerd. Linkerd is an open source service mesh for Kubernetes which prioritizes reliability, security, and simplicity. Thanks to the help of 7ASecurity and the Cloud Native Computing Foundation, this project can continue…

OSTIF 2024 Annual Report

2024 was the 9th year of OSTIF, and what an exciting and groundbreaking year it was! Our annual report for 2024 starts with the OSTIF story, then moves on to our impact, function, partnerships, funding, and future. We didn’t mince words here: it’s a quick read of less than five minutes.…

Notary Project Cryptography Audit Complete!

OSTIF is proud to share the results of our second security audit of Notary Project. Notary Project is “a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts.”* With the help of Quarkslab and…

Karmada Audit Complete!

OSTIF is proud to share the results of our security audit of Karmada. Karmada is an open source Kubernetes orchestration system for running cloud-native applications seamlessly across different clouds and clusters. With the help of Shielder and the Cloud Native Computing Foundation (CNCF), this project offers users improved open, multi-cloud,…
