OSTIF’s Security Audit of K-9 Mail is Complete!

Open Source Technology Improvement Fund (OSTIF), K-9 Mail, and 7ASecurity collaborated on a security audit of the Mozilla K-9 email application. K-9 is an open source email application and runs on most Android phone systems. Ideally, the application is reliable, intuitive, and secure to use. Not only critical to Android…

Continue ReadingOSTIF’s Security Audit of K-9 Mail is Complete!

OSTIF’s Security Audit of Notation-duly Noted!

During the Spring of 2023, OSTIF, ADA Logics, and The Notary Project collaborated on a security audit of the new Notation libraries. Notation is a CLI project to add signatures as standard items in the registry ecosystem and to build a set of simple tooling for signing and verifying signatures. …

Continue ReadingOSTIF’s Security Audit of Notation-duly Noted!

LIBLOUIS CONTINUOUS FUZZING IMPROVEMENTS BY ADA LOGICS AND OSTIF

Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of security improvements via improved fuzzing capabilities on the Liblouis project by ADA Logics! Liblouis is a braille translator with expansive capabilities that runs on open source code. In 2021, the project onboarded to OSS-Fuzz to perform ongoing…

Continue ReadingLIBLOUIS CONTINUOUS FUZZING IMPROVEMENTS BY ADA LOGICS AND OSTIF

Our audit of in-toto is complete!

In collaboration with X41 and in-toto, OSTIF is pleased to announce the publication of our audit of in-toto’s source code. In-toto, which has implementations in Python and Go, is a framework software for supply chain security. Integrating security and transparency through the entire process of application, in-toto’s holistic view of…

Continue ReadingOur audit of in-toto is complete!

Our Audit of SimpleJSON is complete!

OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41.  Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…

Continue ReadingOur Audit of SimpleJSON is complete!