OSTIF and wasmCloud collaborated with Trail of Bits on a security audit of the application which is a deployment platform for distributed Wasm application development. The engagement priorities are listed as, but not limited to: wasmCloud sandboxing capabilities of user-provided code, if users were appropriately limited in their accessible features…
Envoy, the open source edge and service proxy designed for cloud-native applications, worked with OSTIF and X41 D-Sec to help improve the project’s security posture. The multi-phased engagement, sponsored by Google, focused first on the triaging and closing of bugs, then upon further improving the core fuzzers that continually monitor…
Crossplane underwent a successful third party security audit by ADA Logics with the support of Open Source Technology Improvement Fund (OSTIF). Used by firms such as JP Morgan, Time Warner, and MIT Lincoln Lab, the project is considered Incubating at CNCF. Over the first half of 2023, the multi-cloud control…
Open Source Technology Improvement Fund (OSTIF), K-9 Mail, and 7ASecurity collaborated on a security audit of the Mozilla K-9 email application. K-9 is an open source email application and runs on most Android phone systems. Ideally, the application is reliable, intuitive, and secure to use. Not only critical to Android…
The Eclipse Foundation’s Equinox P2 was audited by Include Security in November 2022. Equinox P2 is a provisioning platform, started by IBM in 2001. The Eclipse Foundation was founded three years later to act as an open, non-for-profit leader of the Eclipse Project community. OSTIF was contacted by the Foundation,…
During the Spring of 2023, OSTIF, ADA Logics, and The Notary Project collaborated on a security audit of the new Notation libraries. Notation is a CLI project to add signatures as standard items in the registry ecosystem and to build a set of simple tooling for signing and verifying signatures. …
In collaboration with X41 and in-toto, OSTIF is pleased to announce the publication of our audit of in-toto’s source code. In-toto, which has implementations in Python and Go, is a framework software for supply chain security. Integrating security and transparency through the entire process of application, in-toto’s holistic view of…
OSTIF, X41, and c-ares coordinated on a security audit of c-ares’s source code in spring of 2023. C-ares is a library written in C for asynchronous DNS requests, which runs on such applications as Microsoft Windows, Netware, and Android. It was developed at MIT, when a group expanded upon the…
OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41. Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…
Today we are releasing our 2022 annual report. It details our financial health and our impact in 2022. It is intended to be a very easy read and a summation of all of the work OSTIF does. A special thank you to everyone we have worked with this year to…