OSTIF is proud to share the results of our security audit of Node.js. Node.js is an open source project that is designed to build scalable network applications through asynchronous event-driven JavaScript runtime. With the help of Ada Logics and the OpenJS Foundation, this project will experience deeper fuzzing as it…
OSTIF is proud to share the results of our security audit of Express. Express is an open source web framework for Node.js that prioritizes performance and flexibility. With the help of the OpenJS Foundation and ADA Logics, this project can continue to thrive as a web application framework for users needing lightweight HTTP server tooling. Audit Process:…
OSTIF is proud to share the results of our security audit of OperatorFabric. OperatorFabric is an open source industrial platform for utility operations. With the help of Quarkslab and Linux Foundation Energy (LF Energy), this project will continue to provide secure, centralized business operations for users and high-quality service to…
OSTIF is proud to share the results of our security audit of SEAPATH. SEAPATH is an open source project hosted by Linux Foundation Energy (LF Energy) that consolidates clusters of servers for energy and power management across substations at the utility level. With the help of Ada Logics and LF…
OSTIF is proud to share the results of our security audit of LitmusChaos. LitmusChaos is an open source chaos engineering platform for a multitude of cloud platforms. With the help of 7ASecurity and the Cloud Native Computing Foundation, this project can continue to provide secure chaos testing environments for developers. …
OSTIF is proud to share the results of our security audit of Fastify. Fastify is an open source overhead web framework for Node.js, which prioritizes speed while maintaining expansibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…
OSTIF is proud to share the results of our security audit of OpenTelemetry. OpenTelemetry is an open source project for generating and collecting telemetry data for software analysis. With the help of 7ASecurity and the Cloud Native Computing Foundation (CNCF), this project will experience strengthened security health as it moves…
OSTIF is proud to share the results of our security audit of Cloud Native Buildpacks. Cloud Native Buildpacks (or "Buildpacks") is an open source tool for making container images for any cloud directly from the application source code. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF),…
OSTIF is proud to share the results of our security audit of the Apache Commons libraries IO, Lang, and Codec. Apache Commons libraries are open source extensions to the Java Development Kit (JDK). With the help of Ada Logics and Amazon Web Services, these three libraries will healthily continue to support…
“Audits cost too much” We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…