OSTIF and the CNCF are proud to announce the completion of a security audit of CubeFS. The project, which provides cloud-native storage across a variety of access protocols, was audited by the team at Ada Logics during the Fall of 2023. The security audit for CubeFS was designed to be…
We at OSTIF are excited to announce the 2023 Cloud Native Computing Foundation Audit Impact Report. This is the second year of the program between the two organizations, which combines funding and projects from the CNCF with OSTIF’s auditing resources to synthesize security engagements. Over the last two years, this collaboration…
Open Source Technology Improvement Fund (OSTIF) is beyond proud to announce the completion of our 50th security audit. Since 2015, the nonprofit organization has worked to provide actualized security support to open source projects in a way that is transparent, public, and impactful. We work with open source projects that…
This year for OSTIF has been beyond our expectations and hopes. We’ve worked hard for open source security, bonding with new collaborators while growing our network to provide projects with help from experts. We completed almost 200% more projects than in 2022, hired a new full-time employee, and forged partnerships…
OSTIF is proud to announce the publication of the security audit of nvm in collaboration with 7ASecurity! nvm is a version manager for node.js, which works on any POSIX-compliant shell for Linux, Mac, and Windows. For this audit, 7ASecurity performed a whitebox security review and penetration testing upon the open…
DuckDuckGo has for the third year in a row generously donated $25,000 to the Open Source Technology Improvement Fund as part of its annual charitable donations program. OSTIF works full time on funding open source security projects and engagements and collaborating directly with security teams and project maintainers from around…
OSTIF is proud to announce the publication of a security audit on the Kubernetes cluster tooling Flux in collaboration with Trail of Bits. Performed over four engineer weeks, this is the second security audit with OSTIF that Flux has undertaken, the first having taken place in November 2021. Repeated security…
OSTIF is pleased to announce the completion of a security audit of the open source project RustVMM in collaboration with X-41 D-Sec GmbH, with funding by Amazon Web Services. The project offers crates to build customized Virtual Machine Monitors (thus, VMM), which can be vulnerable to malicious actors through its…
OSTIF and wasmCloud collaborated with Trail of Bits on a security audit of the application which is a deployment platform for distributed Wasm application development. The engagement priorities are listed as, but not limited to: wasmCloud sandboxing capabilities of user-provided code, if users were appropriately limited in their accessible features…
Envoy, the open source edge and service proxy designed for cloud-native applications, worked with OSTIF and X41 D-Sec to help improve the project’s security posture. The multi-phased engagement, sponsored by Google, focused first on the triaging and closing of bugs, then upon further improving the core fuzzers that continually monitor…