Securing Open-Source Infrastructure with Trail of Bits

OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then our two companies have worked together on 12 security…

Continue ReadingSecuring Open-Source Infrastructure with Trail of Bits

The Buzz about Mosquitto ‘s Security Audit!

Open source project Mosquitto underwent a security audit with OSTIF and Trail of Bits in collaboration with the Eclipse Foundation. The project, which is a message broker for the MQTT protocol, is designed to connect the Internet of Things. Projects that are open to the internet have increased landscape exposure…

Continue ReadingThe Buzz about Mosquitto ‘s Security Audit!

In-Flux-ible on bugs- Flux undergoes Security Audit with OSTIF and Trail of Bits

OSTIF is proud to announce the publication of a security audit on the Kubernetes cluster tooling Flux in collaboration with Trail of Bits. Performed over four engineer weeks, this is the second security audit with OSTIF that Flux has undertaken, the first having taken place in November 2021. Repeated security…

Continue ReadingIn-Flux-ible on bugs- Flux undergoes Security Audit with OSTIF and Trail of Bits

OSTIF Has Completed A Security Audit of wasmCloud!

OSTIF and wasmCloud collaborated with Trail of Bits on a security audit of the application which is a deployment platform for distributed Wasm application development. The engagement priorities are listed as, but not limited to: wasmCloud sandboxing capabilities of user-provided code, if users were appropriately limited in their accessible features…

Continue ReadingOSTIF Has Completed A Security Audit of wasmCloud!

OSTIF’s Favorite Bug- DragonFly!

This summer, over four engineer weeks, Trail of Bits and OSTIF collaborated on a security audit of DragonFly. A CNCF Incubating Project, DragonFly functions as file distribution for peer-to-peer technologies. Included in the scope was the sub-project Nydus’s repository that works in image distribution. The engagement was outlined and framed…

Continue ReadingOSTIF’s Favorite Bug- DragonFly!

Our Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete!

Results of the KEDA Security Engagement KEDA, or the Kubernetes-based Event Driven Autoscaling project, was reviewed by Trail of Bits at the end of 2022. KEDA joins a growing list of CNCF Projects audited to improve security posture and help reach graduated status thanks to strategic partner OSTIF. A combination…

Continue ReadingOur Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete!

The OSTIF Audit of Curl with Trail of Bits is Complete

Results of curl Security Audit  By: Amir Montazery, OSTIF Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for curl. In development since 1998, curl is a command line tool and library for transferring data with URLs. Curl is used…

Continue ReadingThe OSTIF Audit of Curl with Trail of Bits is Complete