OSTIF is proud to share the results of our security audit of CloudCustodian. CloudCustodian is an open source rules engine for cloud infrastructure management. Thanks to the help of Ada Logics and the Cloud Native Computing Foundation, this project underwent a third-party security audit to help strengthen CloudCustodian’s security as…
OSTIF is proud to share the results of our security audit of Bref. Bref is an open source project that allows developers to go serverless on AWS with PHP. With the help of Shielder and Amazon Web Services, this project has strengthened their foundation of transparency and easy customization for…
OSTIF is proud to share the results of our security audit of cert-manager. Cert-manager is an open source project for certificate management in Kubernetes. With the help of Ada Logics and the Cloud Native Computing Foundation, this project can apply for graduation through the CNCF. Audit Process: In order to…
OSTIF is proud to share the results of our fuzzing audit of LLVM. The LLVM project is a compilation of modular and reusable compiler and toolchain technology. Having completed this fuzzing audit with the help of Ada Logics and the Sovereign Tech Fund, LLVM can experience a deeper and more…
OSTIF is proud to share the results of our security audit of cURL HTTP/3. cURL is an open source command line tool and library, the most widely used HTTP client software in the world. This engagement was for the new components of HTTP/3 in cURL. With the help of Trail…
OSTIF is proud to share the results of our security audit of Jackson subprojects. Jackson-dataformats-binary, Jackson-dataformats-text, Jackson-dataformat-xml, Jackson-datatype-joda, and Jackson-datatypes-collections are open source subprojects that contribute to Jackson (described as “JSON for Java”). With the help of Ada Logics and the Sovereign Tech Fund, these subprojects will be more secure…
The Sovereign Tech Fund and the Open Source Technology Improvement Fund (OSTIF) are collaborating upon multiple security reviews for open source projects. As part of STF’s Bug Resilience Program, we are organizing and providing projects that are rooted in infrastructure with audits and engagements to reduce their open and undiscovered…
The Drupal project partnered with OSTIF for a series of audits on key technology to support supply chain security for automatic updates. Specifically, the PHP-TUF client-side library and its server-side Rugged counterpart underwent a security audit by Include Security organized by OSTIF. The Update Framework (or “TUF”) is a cryptographically-secure…
In collaboration with Amazon Web Services and the Eclipse Foundation, OSTIF is excited to release our Independent Security Audit Impact Report for 2023! Over the past year, OSTIF worked with 10 projects to complete third-party security audits with funding supplied by AWS and the EF. The engagement oversaw 24 new…
OSTIF and the CNCF are proud to announce the completion of a security audit of CubeFS. The project, which provides cloud-native storage across a variety of access protocols, was audited by the team at Ada Logics during the Fall of 2023. The security audit for CubeFS was designed to be…