Audit of Jackson-Dataformats and Jackson-Datatypes Complete

OSTIF is proud to share the results of our security audit of Jackson subprojects. Jackson-dataformats-binary, Jackson-dataformats-text, Jackson-dataformat-xml, Jackson-datatype-joda, and Jackson-datatypes-collections are open source subprojects that contribute to Jackson (described as “JSON for Java”). With the help of Ada Logics and the Sovereign Tech Fund, these subprojects will be more secure…

OSTIF joins the Sovereign Tech Fund’s Bug Resilience Program

The Sovereign Tech Fund and the Open Source Technology Improvement Fund (OSTIF) are collaborating on multiple security reviews for open source projects. As part of STF’s Bug Resilience Program, we are organizing and providing projects that are rooted in infrastructure with audits and engagements to reduce their open and undiscovered…

PHP-TUF Audit Complete!

The Drupal project partnered with OSTIF for a series of audits on key technology to support supply chain security for automatic updates. Specifically, the PHP-TUF client-side library and its server-side Rugged counterpart underwent a security audit by Include Security organized by OSTIF. The Update Framework (or “TUF”) is a cryptographically-secure…

Securing Open-Source Infrastructure with Trail of Bits

OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement in open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then, our two companies have worked together on 12 security…

2023 Cloud Native Computing Foundation Audit Impact Report

We at OSTIF are excited to announce the 2023 Cloud Native Computing Foundation Audit Impact Report. This is the second year of the program between the two organizations, which combines funding and projects from the CNCF with OSTIF’s auditing resources to synthesize security engagements. Over the last two years, this collaboration…

50th Audit Milestone

Open Source Technology Improvement Fund (OSTIF) is beyond proud to announce the completion of our 50th security audit. Since 2015, the nonprofit organization has worked to provide actualized security support to open source projects in a way that is transparent, public, and impactful. We work with open source projects that…
