A Review of the Linux Kernel’s Vulnerability Reporting and Remediation

The Linux Foundation has sponsored a review of the Linux Kernel's practices and policies around how security vulnerabilities are reported to the kernel team, how those reports are processed and addressed, and how those vulnerabilities are disclosed to the public. OSTIF, working with the team at Atredis Partners and a…

The Linux Foundation Public Health Initiative Sponsored the Audit of COVID Exposure Notification Apps. Here Are The Results!

The Linux Foundation's Public Health (LFPH) initiative has sponsored audits of two COVID-19 exposure notification apps, COVID Shield and COVID Green. As part of their stewardship of these projects, the Linux Foundation decided that it would be prudent to perform due diligence by reviewing the design and code of the…

The Audit of Unbound DNS is Fully Funded

After months of fundraising, we have reached our goal to fund the Unbound DNS audit! We would like to thank the primary supporters of this security review, Private Internet Access and Let's Encrypt. Unbound DNS is DNS server software that offers both DNSSEC and DNS-over-TLS (aka DoT) functionality. It is…

We are Working with the Monero Community for Multiple Audits of RandomX

The Open Source Technology Improvement Fund is working with the Monero community to fund at least two (and probably three) audits of Monero RandomX. What is RandomX? RandomX is a project that implements a dynamic proof of work algorithm. The aim of an algorithm that changes is to make it…

The OSTIF and QuarksLab Audit of Monero Bulletproofs is Complete – Critical Bug Patched

Bulletproofs are a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs are a trustless proof setup and are substantially smaller than the Borromean-style range proofs that were previously used, which reduces the size of Monero transactions by 80-90%. Monero’s latest network update,…

The QuarksLab and Kudelski Security audits of Monero Bulletproofs are Complete

Kudelski Security has done a review of Monero Bulletproofs, a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs is a trustless proof setup that is substantially smaller than the Borromean-style range proofs that are currently used, promising to make Monero transactions 10-20%…

OpenSSL and Monero Bulletproofs Audits are Underway!

We have confirmed that QuarksLab has begun the work of reviewing OpenSSL 1.1.1 (the current beta version that implements TLS 1.3, a huge cryptography update). They are currently working on TLS 1.3 and the updated random number generator to search for biases or…

The OpenVPN 2.4.0 Audit by OSTIF and QuarksLab Results

OpenVPN 2.4.0, the NDIS6 TAP Driver for Windows, the Windows GUI, and Linux versions were evaluated. This release included a number of new features including control channel encryption. QuarksLab found:

  • 1 Critical/High Vulnerability: CVE-2017-7478
  • 1 Medium Vulnerability: CVE-2017-7479
  • 5 Low or Informational Vulnerabilities / Concerns

This public disclosure of these vulnerabilities coincides with the release of OpenVPN 2.4.2 which fixes…

The Audit of OpenVPN is Complete

We have confirmed with QuarksLab that the security review of OpenVPN 2.4.0 is complete, and that they are now documenting the results. The process will then proceed as follows: QuarksLab will securely give these results to the OpenVPN security team on April 7th. The…
