2024 CNCF/OSTIF Independent Security Audit Impact Report

OSTIF is proud to share the results of our 2024 security audit collaboration with the Cloud Native Computing Foundation (CNCF). Over the past three years, OSTIF and the CNCF have worked together to provide security audits for CNCF projects. These projects, as a part of the CNCF landscape, must undergo…

Continue Reading2024 CNCF/OSTIF Independent Security Audit Impact Report

OSTIF Receives a Fourth Yearly Donation from DuckDuckGo

For a fourth year in a row, DuckDuckGo has generously donated to the Open Source Technology Improvement Fund (OSTIF) as part of its annual charitable donations program.  Funding administrative overhead as a small nonprofit is incredibly tricky. The feast-or-famine nature of nonprofit work makes it complicated to budget, as well…

Continue ReadingOSTIF Receives a Fourth Yearly Donation from DuckDuckGo

Node.js Fuzzing Audit Complete!

OSTIF is proud to share the results of our security audit of Node.js. Node.js is an open source project that is designed to build scalable network applications through asynchronous event-driven JavaScript runtime. With the help of Ada Logics and the OpenJS Foundation, this project will experience deeper fuzzing as it…

Continue ReadingNode.js Fuzzing Audit Complete!

Express Audit Complete!

OSTIF is proud to share the results of our security audit of Express. Express is an open source web framework for Node.js that prioritizes performance and flexibility. With the help of the OpenJS Foundation and ADA Logics, this project can continue to thrive as a web application framework for users needing lightweight HTTP server tooling. Audit Process:…

Continue ReadingExpress Audit Complete!

OperatorFabric Audit Complete!

OSTIF is proud to share the results of our security audit of OperatorFabric. OperatorFabric is an open source industrial platform for utility operations. With the help of Quarkslab and Linux Foundation Energy (LF Energy), this project will continue to provide secure, centralized business operations for users and high-quality service to…

Continue ReadingOperatorFabric Audit Complete!

Fastify Audit Complete!

OSTIF is proud to share the results of our security audit of Fastify.  Fastify is an open source overhead web framework for Node.js, which prioritizes speed while maintaining expansibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…

Continue ReadingFastify Audit Complete!

OpenTelemetry Audit Complete!

OSTIF is proud to share the results of our security audit of OpenTelemetry. OpenTelemetry is an open source project for generating and collecting telemetry data for software analysis.  With the help of 7ASecurity and the Cloud Native Computing Foundation (CNCF), this project will experience strengthened security health as it moves…

Continue ReadingOpenTelemetry Audit Complete!