This summer, over four engineer weeks, Trail of Bits and OSTIF collaborated on a security audit of DragonFly. A CNCF Incubating Project, DragonFly functions as file distribution for peer-to-peer technologies. Included in the scope was the sub-project Nydus’s repository that works in image distribution. The engagement was outlined and framed…
Results of Git Security Audit Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for git. Git is the world's most widely used version control system, and it underpins not only open source, but the vast majority of public and…
Open Source Technology Improvement Fund is thrilled to report the results of another security audit. Python-TUF is a reference implementation written in Python for The Update Framework (TUF); a framework for secure content delivery and updates. The primary result of the work is one medium and four low-severity issues. Details…
The Cloud Native Computing Foundation and OSTIF Impact Report OSTIF has been working with the Cloud Native Computing Foundation (CNCF) on a number of security projects over the last year. This has been a large collaborative effort to help CNCF projects improve their security posture by conducting code audits, building…
OSTIF is simultaneously working on multiple projects this quarter. Here is what we've been working on and what to expect over the next few months! Two projects with the Linux Foundation We are working with the Linux Foundation's Core Infrastructure Initiative on the safety and security of the Linux Kernel.…
OSTIF, QuarksLab, and VeraCrypt E-mails are Being Intercepted As we have began the process of staging our audit, we have set up PGP encrypted communications between OSTIF, QuarksLab, and the lead developer of the VeraCrypt project. In these communications we have discussed vulnerability information, processes and procedures for reporting findings,…
We are proud to announce the addition of a new member of our team! Samara Renovato is joining us to help manage our PR and Social Media operations. She is a student at the University of Chicago studying Psychology. With a new focus on how people interact with one another…
The Haystack - Four Woman Journalists Explore the Scope, Legality, and Ethical Pitfalls of Mass Surveillance. What is mass surveillance? How do investigative powers of governments differ today from thirty years ago? How intrusive are these powers? Are these powers legal within the constitutions of their respective countries? Who decides…
DuckDuckGo, the privacy search engine that does not track its users, has made a $25,000 contribution to the OSTIF, with the funds earmarked for the VeraCrypt project. These funds will be instrumental in supporting our goals of strengthening VeraCrypt and will directly assist the project in moving forward. DuckDuckGo's business…
I would like to thank Mike from HTPCguides.com for assisting us with migrating our servers to Linux, optimizing their performance and hardening our complex infrastructure in order to get ready for our KickStarter. We used two guides in particular: http://www.htpcguides.com/install-configure-configserver-csf-firewall-security/ http://www.htpcguides.com/install-wordpress-on-raspberry-pi-with-raspbian/ (no, our servers are not running Raspberry Pis, we…