Our audit of in-toto is complete!

In collaboration with X41 and in-toto, OSTIF is pleased to announce the publication of our audit of in-toto’s source code. In-toto, which has implementations in Python and Go, is a framework software for supply chain security. Integrating security and transparency through the entire process of application, in-toto’s holistic view of…

Continue ReadingOur audit of in-toto is complete!

Our Audit of SimpleJSON is complete!

OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41.  Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…

Continue ReadingOur Audit of SimpleJSON is complete!

The OSTIF Impact Report for the Cloud Native Computing Foundation

Open Source Technology Improvement Fund (OSTIF) is proud to share the Cloud Native Computing Foundation (CNCF) Impact Report for 2022. This report is a follow-up to our August 2022 post and is based on CNCF’s strong commitment to improving security posture of projects, a sound guiding policy and project maturity…

Continue ReadingThe OSTIF Impact Report for the Cloud Native Computing Foundation

The OSTIF Independent Security Audit Impact Report

Today OSTIF is thrilled to release the Independent Security Audit Impact Report.  This report is the culmination of over a year’s worth of work that OSTIF organized thanks to funding from Google and OpenSSF.  “I am extremely proud of this work and what OSTIF continues to accomplish. Organizations like Google,…

Continue ReadingThe OSTIF Independent Security Audit Impact Report

The OSTIF Audit of Curl with Trail of Bits is Complete

Results of curl Security Audit  By: Amir Montazery, OSTIF Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for curl. In development since 1998, curl is a command line tool and library for transferring data with URLs. Curl is used…

Continue ReadingThe OSTIF Audit of Curl with Trail of Bits is Complete

Our Audit of Python-TUF is Complete. Multiple Issues Found and Fixed

Open Source Technology Improvement Fund is thrilled to report the results of another security audit. Python-TUF is a reference implementation written in Python for The Update Framework (TUF); a framework for secure content delivery and updates. The primary result of the work is one medium and four low-severity issues. Details…

Continue ReadingOur Audit of Python-TUF is Complete. Multiple Issues Found and Fixed

OSTIF Partners with Omidyar Network

Open Source Technology Improvement Fund is thrilled to announce its first philanthropic partnership with Omidyar Network (ON). OSTIF is joining a strong network of open source advocates and specialists under the ON portfolio to further the Open and Secure Internet Ecosystem. “This is a significant accomplishment for OSTIF and expands…

Continue ReadingOSTIF Partners with Omidyar Network