OSTIF and X41 are excited to announce the completion of our security audit of libjpeg-turbo! X-41 DSec and OSTIF collaborated in May of 2023 on a source code audit of libjpeg-turbo, the accelerated JPEG image decoding software. The audit’s emphasis was on reviewing input validation, memory management practices, and analysis…
During the Spring of 2023, OSTIF, ADA Logics, and The Notary Project collaborated on a security audit of the new Notation libraries. Notation is a CLI project to add signatures as standard items in the registry ecosystem and to build a set of simple tooling for signing and verifying signatures. …
Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of security improvements via improved fuzzing capabilities on the Liblouis project by ADA Logics! Liblouis is a braille translator with expansive capabilities that runs on open source code. In 2021, the project onboarded to OSS-Fuzz to perform ongoing…
In collaboration with X41 and in-toto, OSTIF is pleased to announce the publication of our audit of in-toto’s source code. In-toto, which has implementations in Python and Go, is a framework software for supply chain security. Integrating security and transparency through the entire process of application, in-toto’s holistic view of…
OSTIF, X41, and c-ares coordinated on a security audit of c-ares’s source code in spring of 2023. C-ares is a library written in C for asynchronous DNS requests, which runs on such applications as Microsoft Windows, Netware, and Android. It was developed at MIT, when a group expanded upon the…
Falco joins a growing number of CNCF Projects that completed a third-party security audit organized by OSTIF. A follow up to their 2019 audit, the Falco project requested a new engagement due to changes in the code base since. OSTIF partnered with Quarkslab to complete the audit. An overview of…
Open Source Technology Improvement Fund is happy to announce the results of the Istio Security Audit. Used by key cloud providers and technology organizations, Istio is an open service mesh platform to connect, manage, and secure microservices. The Security Audit was carried out by the team at ADA Logics. A…
Results of curl Security Audit By: Amir Montazery, OSTIF Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for curl. In development since 1998, curl is a command line tool and library for transferring data with URLs. Curl is used…
Open Source Technology Improvement Fund, Inc is happy to announce the results of the CloudEvents Security Assessment. CloudEvents is a specification for describing event data in a common way that simplifies event declaration and delivery across services, platforms, and beyond. CloudEvents has a robust network of contributors and active development…
Open Source Technology Improvement Fund is thrilled to report the results of another security audit. Python-TUF is a reference implementation written in Python for The Update Framework (TUF); a framework for secure content delivery and updates. The primary result of the work is one medium and four low-severity issues. Details…