OSTIF is proud to announce the publication of the security audit of nvm in collaboration with 7ASecurity! nvm is a version manager for node.js, which works on any POSIX-compliant shell for Linux, Mac, and Windows. For this audit, 7ASecurity performed a whitebox security review and penetration testing upon the open…
Open source project Kyverno completed a security audit by OSTIF and Ada Logics in the fall of 2023 in continued partnership with the CNCF. This engagement was organized to be a holistic review of the Kubernetes policy engine, including threat modeling, manual code auditing, fuzzing and supply-chain review. The security…
Open source project Mosquitto underwent a security audit with OSTIF and Trail of Bits in collaboration with the Eclipse Foundation. The project, which is a message broker for the MQTT protocol, is designed to connect the Internet of Things. Projects that are open to the internet have increased landscape exposure…
OSTIF is proud to announce the publication of a security audit on the Kubernetes cluster tooling Flux in collaboration with Trail of Bits. Performed over four engineer weeks, this is the second security audit with OSTIF that Flux has undertaken, the first having taken place in November 2021. Repeated security…
OSTIF is pleased to announce the completion of a security audit of the open source project RustVMM in collaboration with X-41 D-Sec GmbH, with funding by Amazon Web Services. The project offers crates to build customized Virtual Machine Monitors (thus, VMM), which can be vulnerable to malicious actors through its…
OSTIF and X41-Dsec collaborated with OpenSearch on a security audit on v. 2.8.0 of the open source search engine. As a search engine, this project handles sensitive data and therefore security is of utmost importance to project users, maintainers, and community. The main objective of this security audit was to…
Envoy, the open source edge and service proxy designed for cloud-native applications, worked with OSTIF and X41 D-Sec to help improve the project’s security posture. The multi-phased engagement, sponsored by Google, focused first on the triaging and closing of bugs, then upon further improving the core fuzzers that continually monitor…
Crossplane underwent a successful third party security audit by ADA Logics with the support of Open Source Technology Improvement Fund (OSTIF). Used by firms such as JP Morgan, Time Warner, and MIT Lincoln Lab, the project is considered Incubating at CNCF. Over the first half of 2023, the multi-cloud control…
Open Source Technology Improvement Fund (OSTIF), K-9 Mail, and 7ASecurity collaborated on a security audit of the Mozilla K-9 email application. K-9 is an open source email application and runs on most Android phone systems. Ideally, the application is reliable, intuitive, and secure to use. Not only critical to Android…
The Eclipse Foundation’s Equinox P2 was audited by Include Security in November 2022. Equinox P2 is a provisioning platform, started by IBM in 2001. The Eclipse Foundation was founded three years later to act as an open, non-for-profit leader of the Eclipse Project community. OSTIF was contacted by the Foundation,…