The OSTIF Audit of Curl with Trail of Bits is Complete

Results of curl Security Audit  By: Amir Montazery, OSTIF Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for curl. In development since 1998, curl is a command line tool and library for transferring data with URLs. Curl is used…

Continue ReadingThe OSTIF Audit of Curl with Trail of Bits is Complete

Results of the CloudEvents Security Assessment

Open Source Technology Improvement Fund, Inc is happy to announce the results of the CloudEvents Security Assessment. CloudEvents is a specification for describing event data in a common way that simplifies event declaration and delivery across services, platforms, and beyond. CloudEvents has a robust network of contributors and active development…

Continue ReadingResults of the CloudEvents Security Assessment

Our Audit of Python-TUF is Complete. Multiple Issues Found and Fixed

Open Source Technology Improvement Fund is thrilled to report the results of another security audit. Python-TUF is a reference implementation written in Python for The Update Framework (TUF); a framework for secure content delivery and updates. The primary result of the work is one medium and four low-severity issues. Details…

Continue ReadingOur Audit of Python-TUF is Complete. Multiple Issues Found and Fixed

Our Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.

Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and extends native containerized application orchestration and management to hosts at the edge. The result of this engagement is the finding…

Continue ReadingOur Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.

OSTIF has Received Another Contribution from DuckDuckGo

Duckduckgo, the privacy search engine, has contributed to OSTIF for a second time by donating $25,000 USD. Their site that tracks their charitable donations Spread Privacy has the official announcement. These funds are not allocated to any specific project, which helps OSTIF tremendously by allowing us to spend resources on…

Continue ReadingOSTIF has Received Another Contribution from DuckDuckGo

A Review of the Linux Kernel’s Vulnerability Reporting and Remediation

The Linux Foundation has sponsored a review of the Linux Kernel's practices and policies around how security vulnerabilities are reported to the kernel team, how those reports are processed and addressed, and how those vulnerabilities are disclosed to the public. OSTIF, working with the team at Atredis Partners and a…

Continue ReadingA Review of the Linux Kernel’s Vulnerability Reporting and Remediation

The Linux Foundation Public Health Initiative Sponsored the Audit of COVID Exposure Notification Apps. Here Are The Results!

The Linux Foundation's Public Health (LFPH) initiative has sponsored audits of two COVID-19 exposure notification apps, COVID Shield and COVID Green. As part of their stewardship of these projects, the Linux Foundation decided that it would be prudent to perform due diligence by reviewing the design and code of the…

Continue ReadingThe Linux Foundation Public Health Initiative Sponsored the Audit of COVID Exposure Notification Apps. Here Are The Results!