OSTIF is proud to share the results of our security audit of Fastify. Fastify is an open source overhead web framework for Node.js, which prioritizes speed while maintaining expansibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…
OSTIF is proud to share the results of our security audit of OpenTelemetry. OpenTelemetry is an open source project for generating and collecting telemetry data for software analysis. With the help of 7ASecurity and the Cloud Native Computing Foundation (CNCF), this project will experience strengthened security health as it moves…
OSTIF is proud to share the results of our security audit of Cloud Native Buildpacks. Cloud Native Buildpacks (or "Buildpacks") is an open source tool for making container images for any cloud directly from the application source code. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF),…
OSTIF is proud to share the results of our security audit of the Apache Commons libraries IO, Lang, and Codec. Apache Commons libraries are open source extensions to the Java Development Kit (JDK). With the help of Ada Logics and Amazon Web Services, these three libraries will healthily continue to support…
“Audits cost too much” We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…
OSTIF is proud to share the results of our security audit of CycloneDDS. CycloneDDS is an open source implementation of the Object Management Group-Data Distribution Service (OMG-DDS) under the Eclipse Foundation IoT. With the help of X-41 D-Sec and the Eclipse Foundation, this project can continue to securely develop on…
Why OSTIF? There’s a lot of misconceptions that cause stagnation when it comes to procuring and participating in security audits. How does one even begin to get an audit, much less fund it? There is too much work involved, and not enough help from the auditors. It’s just a way…
OSTIF is proud to share the results of our security audit of Temurin. Temurin is an open source project for building high performing Java runtime binaries. With the help of Trail of Bits and the Eclipse Foundation, this project will continue to securely support users who develop Java codes across…
OSTIF is proud to share the results of our security audit of OpenSSL. OpenSSL is a commercial-grade cryptographic communications open source library. With the help of Trail of Bits and the OpenSSL project, this project will run more securely for those looking to perform various SSL-related tasks. Audit highlights: This…
OSTIF is proud to share the results of our security audit of Boost. Boost is an open source provider of free portable C++ source libraries. The project aims to establish a benchmark to provide reference implementations for future C++ standards. With the help of Shielder and Amazon Web Services, Boost…