OSTIF Receives a Fourth Yearly Donation from DuckDuckGo

For a fourth year in a row, DuckDuckGo has generously donated to the Open Source Technology Improvement Fund (OSTIF) as part of its annual charitable donations program. Funding administrative overhead as a small nonprofit is incredibly tricky. The feast-or-famine nature of nonprofit work makes it complicated to budget, as well…

OperatorFabric Audit Complete!

OSTIF is proud to share the results of our security audit of OperatorFabric. OperatorFabric is an open source industrial platform for utility operations. With the help of Quarkslab and Linux Foundation Energy (LF Energy), this project will continue to provide secure, centralized business operations for users and high-quality service to…

Fastify Audit Complete!

OSTIF is proud to share the results of our security audit of Fastify. Fastify is an open source, low-overhead web framework for Node.js, which prioritizes speed while maintaining extensibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…

OpenTelemetry Audit Complete!

OSTIF is proud to share the results of our security audit of OpenTelemetry. OpenTelemetry is an open source project for generating and collecting telemetry data for software analysis. With the help of 7ASecurity and the Cloud Native Computing Foundation (CNCF), this project will experience strengthened security health as it moves…

Cloud Native Buildpacks Audit Complete!

OSTIF is proud to share the results of our security audit of Cloud Native Buildpacks. Cloud Native Buildpacks (or "Buildpacks") is an open source tool for making container images for any cloud directly from the application source code. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF),…

Reasons Why Most Audits are Still Waiting

“Audits cost too much.” We’ve seen what happens in the open source ecosystem when audits are deferred: those vulnerabilities assumed not to exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…

CycloneDDS Audit Complete!

OSTIF is proud to share the results of our security audit of CycloneDDS. CycloneDDS is an open source implementation of the Object Management Group-Data Distribution Service (OMG-DDS) under the Eclipse Foundation IoT. With the help of X-41 D-Sec and the Eclipse Foundation, this project can continue to securely develop on…

Why OSTIF?

Why OSTIF? There are a lot of misconceptions that cause stagnation when it comes to procuring and participating in security audits. How does one even begin to get an audit, much less fund it? There is too much work involved, and not enough help from the auditors. It’s just a way…
