Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and extends native containerized application orchestration and management to hosts at the edge. The result of this engagement is the finding…
Open Source Technology Improvement Fund is thrilled to report the results of a security audit of CRI-O. CRI-O is an open source software (OSS) project that is an implementation of the Kubernetes Container Runtime Interface. It can run any OCI-compatible container, providing an enormous number of applications and environments. The…
Duckduckgo, the privacy search engine, has contributed to OSTIF for a second time by donating $25,000 USD. Their site that tracks their charitable donations Spread Privacy has the official announcement. These funds are not allocated to any specific project, which helps OSTIF tremendously by allowing us to spend resources on…
OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework has consistently been near the top of multiple reports, underscoring the criticality of the project to the…
Announcement: Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software. OSTIF is elated to announce that we are planning to improve security of eight open-source projects thanks to support from the Google Open Source Security Team. This marks a major…
The Linux Foundation has sponsored a review of the Linux Kernel's practices and policies around how security vulnerabilities are reported to the kernel team, how those reports are processed and addressed, and how those vulnerabilities are disclosed to the public. OSTIF, working with the team at Atredis Partners and a…
The Linux Foundation's Public Health (LFPH) initiative has sponsored audits of two COVID-19 exposure notification apps, COVID Shield and COVID Green. As part of their stewardship of these projects, the Linux Foundation decided that it would be prudent to perform due diligence by reviewing the design and code of the…
After months of fundraising, we have reached our goal to fund the Unbound DNS audit! We would like to thank the primary supporters of this security review, Private Internet Access and Let's Encrypt. Unbound DNS is DNS server software that offers both DNSSEC and DNS-over-TLS (aka DoT) functionality. It is…
The Open Source Technology Improvement Fund is working with the Monero community to fund at least two (and probably three) audits of Monero RandomX. What is RandomX? RandomX is a project that implements a dynamic proof of work algorithm. The aim of an algorithm that changes is to make it…
Bulletproofs are a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs are a trustless proofs setup that are substantially smaller than the current Borromean style range proofs that were previously used, which reduces the size of Monero transactions by 80-90%. Monero’s latest network update,…