RustVMM Security Audit with OSTIF is Complete!

OSTIF is pleased to announce the completion of a security audit of the open source project RustVMM in collaboration with X-41 D-Sec GmbH, with funding by Amazon Web Services. The project offers crates to build customized Virtual Machine Monitors (thus, VMM), which can be vulnerable to malicious actors through its…

Continue ReadingRustVMM Security Audit with OSTIF is Complete!

Bugs? Search Me!- OpenSearch Security Audit Completed!

OSTIF and X41-Dsec collaborated with OpenSearch on a security audit on v. 2.8.0 of the open source search engine. As a search engine, this project handles sensitive data and therefore security is of utmost importance to project users, maintainers, and community. The main objective of this security audit was to…

Continue ReadingBugs? Search Me!- OpenSearch Security Audit Completed!

OSTIF’s Favorite Bug- DragonFly!

This summer, over four engineer weeks, Trail of Bits and OSTIF collaborated on a security audit of DragonFly. A CNCF Incubating Project, DragonFly functions as file distribution for peer-to-peer technologies. Included in the scope was the sub-project Nydus’s repository that works in image distribution. The engagement was outlined and framed…

Continue ReadingOSTIF’s Favorite Bug- DragonFly!

Our Audit of Python-TUF is Complete. Multiple Issues Found and Fixed

Open Source Technology Improvement Fund is thrilled to report the results of another security audit. Python-TUF is a reference implementation written in Python for The Update Framework (TUF); a framework for secure content delivery and updates. The primary result of the work is one medium and four low-severity issues. Details…

Continue ReadingOur Audit of Python-TUF is Complete. Multiple Issues Found and Fixed

The Cloud Native Computing Foundation and OSTIF Impact Report

The Cloud Native Computing Foundation and OSTIF Impact Report OSTIF has been working with the Cloud Native Computing Foundation (CNCF) on a number of security projects over the last year. This has been a large collaborative effort to help CNCF projects improve their security posture by conducting code audits, building…

Continue ReadingThe Cloud Native Computing Foundation and OSTIF Impact Report

What OSTIF is Working on in 2020

OSTIF is simultaneously working on multiple projects this quarter. Here is what we've been working on and what to expect over the next few months! Two projects with the Linux Foundation We are working with the Linux Foundation's Core Infrastructure Initiative on the safety and security of the Linux Kernel.…

Continue ReadingWhat OSTIF is Working on in 2020

OSTIF, QuarksLab, and VeraCrypt E-mails are Being Intercepted

OSTIF, QuarksLab, and VeraCrypt E-mails are Being Intercepted As we have began the process of staging our audit, we have set up PGP encrypted communications between OSTIF, QuarksLab, and the lead developer of the VeraCrypt project. In these communications we have discussed vulnerability information, processes and procedures for reporting findings,…

Continue ReadingOSTIF, QuarksLab, and VeraCrypt E-mails are Being Intercepted

The Haystack – Four Woman Journalists Explore the Scope, Legality, and Ethical Pitfalls of Mass Surveillance.

The Haystack - Four Woman Journalists Explore the Scope, Legality, and Ethical Pitfalls of Mass Surveillance. What is mass surveillance? How do investigative powers of governments differ today from thirty years ago? How intrusive are these powers? Are these powers legal within the constitutions of their respective countries? Who decides…

Continue ReadingThe Haystack – Four Woman Journalists Explore the Scope, Legality, and Ethical Pitfalls of Mass Surveillance.