Open Source Technology Improvement Fund is happy to announce the results of the Istio Security Audit. Used by key cloud providers and technology organizations, Istio is an open service mesh platform to connect, manage, and secure microservices. The Security Audit was carried out by the team at ADA Logics. A…
Results of curl Security Audit By: Amir Montazery, OSTIF Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for curl. In development since 1998, curl is a command line tool and library for transferring data with URLs. Curl is used…
Open Source Technology Improvement Fund is thrilled to report the results of another security audit. Python-TUF is a reference implementation written in Python for The Update Framework (TUF); a framework for secure content delivery and updates. The primary result of the work is one medium and four low-severity issues. Details…
Open Source Technology Improvement Fund is thrilled to announce its first philanthropic partnership with Omidyar Network (ON). OSTIF is joining a strong network of open source advocates and specialists under the ON portfolio to further the Open and Secure Internet Ecosystem. “This is a significant accomplishment for OSTIF and expands…
Open Source Technology Improvement Fund is happy to report the results of yet another security audit, this time of the Argo project. The Argo project is a collection of tools for getting work done with Kubernetes. The main components of Argo audited are: Argo Workflows - Container-native Workflow Engine Argo…
Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and extends native containerized application orchestration and management to hosts at the edge. The result of this engagement is the finding…
Duckduckgo, the privacy search engine, has contributed to OSTIF for a second time by donating $25,000 USD. Their site that tracks their charitable donations Spread Privacy has the official announcement. These funds are not allocated to any specific project, which helps OSTIF tremendously by allowing us to spend resources on…
OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework has consistently been near the top of multiple reports, underscoring the criticality of the project to the…
Announcement: Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software. OSTIF is elated to announce that we are planning to improve security of eight open-source projects thanks to support from the Google Open Source Security Team. This marks a major…
OSTIF is simultaneously working on multiple projects this quarter. Here is what we've been working on and what to expect over the next few months! Two projects with the Linux Foundation We are working with the Linux Foundation's Core Infrastructure Initiative on the safety and security of the Linux Kernel.…