In collaboration with X41 and in-toto, OSTIF is pleased to announce the publication of our audit of in-toto’s source code. In-toto, which has implementations in Python and Go, is a framework software for supply chain security. Integrating security and transparency through the entire process of application, in-toto’s holistic view of…
OSTIF, X41, and c-ares coordinated on a security audit of c-ares’s source code in spring of 2023. C-ares is a library written in C for asynchronous DNS requests, which runs on such applications as Microsoft Windows, Netware, and Android. It was developed at MIT, when a group expanded upon the…
OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41. Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…
Today we are releasing our 2022 annual report. It details our financial health and our impact in 2022. It is intended to be a very easy read and a summation of all of the work OSTIF does. A special thank you to everyone we have worked with this year to…
Open Source Technology Improvement Fund (OSTIF) is proud to share the Cloud Native Computing Foundation (CNCF) Impact Report for 2022. This report is a follow-up to our August 2022 post and is based on CNCF’s strong commitment to improving security posture of projects, a sound guiding policy and project maturity…
Today OSTIF is thrilled to release the Independent Security Audit Impact Report. This report is the culmination of over a year’s worth of work that OSTIF organized thanks to funding from Google and OpenSSF. “I am extremely proud of this work and what OSTIF continues to accomplish. Organizations like Google,…
Open Source Technology Improvement Fund is happy to announce the results of the Istio Security Audit. Used by key cloud providers and technology organizations, Istio is an open service mesh platform to connect, manage, and secure microservices. The Security Audit was carried out by the team at ADA Logics. A…
Results of curl Security Audit By: Amir Montazery, OSTIF Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for curl. In development since 1998, curl is a command line tool and library for transferring data with URLs. Curl is used…
Open Source Technology Improvement Fund is thrilled to report the results of another security audit. Python-TUF is a reference implementation written in Python for The Update Framework (TUF); a framework for secure content delivery and updates. The primary result of the work is one medium and four low-severity issues. Details…
Open Source Technology Improvement Fund is thrilled to announce its first philanthropic partnership with Omidyar Network (ON). OSTIF is joining a strong network of open source advocates and specialists under the ON portfolio to further the Open and Secure Internet Ecosystem. “This is a significant accomplishment for OSTIF and expands…