BOLT Security Engagement Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security work on the BOLT binary scanner for LLVM. LLVM is an open source compiler for translating human-readable source code for machine-readable hardware. In 2024, Arm engineer Kristof Beyls developed a static binary analyzer on BOLT,…

2025 Annual Report

2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…

OpenSSF Scorecard Audit is Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of OpenSSF Scorecard. OpenSSF Scorecard is an open source automated testing resource to help projects continually assess security risks. With the help of ADA Logics and the OpenSSF, this project can continue to provide…

OSTIF Receives a Fifth Yearly Donation from DuckDuckGo!

The team at OSTIF is honored and excited to announce that for a fifth consecutive year we are a recipient of the DuckDuckGo Charitable Donations Program. The privilege of receiving this donation a fifth time is not lost on us, and reinforces that our mission is being carried out effectively…

Open Source Summit and OpenSSF Community Days EU 2025 Reflection

Reflection by Communications, Operations, and Community Manager Helen Woeste

Amir, Derek, and I joined a few thousand open source community members in Amsterdam for the Open Source Summit EU and attached OpenSSF Community Day. While Derek and Amir are no strangers to conferences, this was only my second OS Summit…

The Bridge to Improving Security: How OSTIF Helps Foundations

Over the duration of multiple programs with funders, we’ve heard firsthand their needs. Executives know they have the budget and desire to fund security, but need help with how to start generating outcomes. To create and sustain open source security programs requires dedicated administration work, experience with the open source…

EU-STF and OSTIF

The open source community has been abuzz for the past two years about European governance in open source software. From casual meetups to professional conferences, the implication of government funding and regulation of the free-use software sector has resulted in heavily debated discourse around the legal, financial, societal, and functional…
