AIxCC Competition Background & Results: In 2023, DARPA announced a two-year long competition called the Artificial Intelligence Cyber Challenge (AIxCC) with the goal to safeguard open source software used in critical infrastructure throughout America. The intent is to hasten the development of open source AI tooling that can assist developers…
2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…
2024 was the 9th year of OSTIF, and what an exciting and groundbreaking year it was! Our annual report for 2024 starts with the OSTIF story then moves onto our impact, function, partnerships, funding, and future. We didn’t mince words here- it’s a quick read of less than five minutes.…
OSTIF is proud to share the results of our security audit of Temurin. Temurin is an open source project for building high performing Java runtime binaries. With the help of Trail of Bits and the Eclipse Foundation, this project will continue to securely support users who develop Java codes across…
OSTIF is proud to share the results of our security audit of OpenSSL. OpenSSL is a commercial-grade cryptographic communications open source library. With the help of Trail of Bits and the OpenSSL project, this project will run more securely for those looking to perform various SSL-related tasks. Audit highlights: This…
OSTIF is proud to share the results of our security audit of cURL HTTP/3. cURL is an open source command line tool and library, the most widely used HTTP client software in the world. This engagement was for the new components of HTTP/3 in cURL. With the help of Trail…
OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then our two companies have worked together on 12 security…
Open source project Mosquitto underwent a security audit with OSTIF and Trail of Bits in collaboration with the Eclipse Foundation. The project, which is a message broker for the MQTT protocol, is designed to connect the Internet of Things. Projects that are open to the internet have increased landscape exposure…
OSTIF is proud to announce the publication of a security audit on the Kubernetes cluster tooling Flux in collaboration with Trail of Bits. Performed over four engineer weeks, this is the second security audit with OSTIF that Flux has undertaken, the first having taken place in November 2021. Repeated security…
OSTIF is pleased to announce the completion of a security audit of Eclipse Jetty in collaboration with the Eclipse Foundation and Trail of Bits. This audit was a part of a package of work organized and managed by OSTIF to provide security engagements to Eclipse Foundation projects. With funding and…