2024 CNCF/OSTIF Independent Security Audit Impact Report

OSTIF is proud to share the results of our 2024 security audit collaboration with the Cloud Native Computing Foundation (CNCF). Over the past three years, OSTIF and the CNCF have worked together to provide security audits for CNCF projects. These projects, as a part of the CNCF landscape, must undergo…

Cloud Native Buildpacks Audit Complete!

OSTIF is proud to share the results of our security audit of Cloud Native Buildpacks. Cloud Native Buildpacks (or "Buildpacks") is an open source tool for making container images for any cloud directly from the application source code. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF),…

Reasons Why Most Audits are Still Waiting

“Audits cost too much” We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…

Amazon Web Services & Eclipse Foundation Security Audit Impact Report 2023

In collaboration with Amazon Web Services and the Eclipse Foundation, OSTIF is excited to release our Independent Security Audit Impact Report for 2023! Over the past year, OSTIF worked with 10 projects to complete third-party security audits with funding supplied by AWS and the EF. The engagement oversaw 24 new…

OSTIF Receives a Third Yearly Donation from DuckDuckGo

DuckDuckGo has for the third year in a row generously donated $25,000 to the Open Source Technology Improvement Fund as part of its annual charitable donations program. OSTIF works full time on funding open source security projects and engagements and collaborating directly with security teams and project maintainers from around…

The OSTIF Impact Report for the Cloud Native Computing Foundation

Open Source Technology Improvement Fund (OSTIF) is proud to share the Cloud Native Computing Foundation (CNCF) Impact Report for 2022. This report is a follow-up to our August 2022 post and is based on CNCF’s strong commitment to improving security posture of projects, a sound guiding policy and project maturity…
