The Open Source Technology Improvement Fund is proud to share the results of our security audit of conda-forge. conda-forge is a community-driven open source repository of conda package manager recipes. With the help of 7ASecurity and the Sovereign Tech Agency, this project has invested in its longevity and security health…
If you can’t throw yourself a party, what’s the point? That was our train of thought when brainstorming earlier this year about how we wanted to celebrate our 10 year anniversary. Thriving as a non-profit startup in an incredibly competitive and difficult sector to break into, much less be successful…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Volcano. Volcano is an open source cloud native batch scheduling system offering among other things queue management and multi-cluster scheduling. With the help of Ada Logics and the Cloud Native Computing Foundation (CNCF),…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Ruby on Rails. Ruby on Rails (or “Rails”) is an open source full stack web-application framework. Thanks to the help of X41 D-Sec, GitLab, and the Sovereign Tech Agency, Rails can provide more…
The Open Source Technology Improvement Fund is proud to share the results of our security audits of Apache Log4Net and Log4CXX. Log4CXX is an open source logging framework library for C++, and Log4Net is a library to output log statements to various targets. With the help of Ada Logics and…
by Helen Woeste, Communications and Community Manager Amir and I were in London for State of Open Con earlier this year, where we attended a talk by Kat Cosgrove and Jeremy Rickard called “Are You Not Entertained? Open Source Isn’t a Coliseum.” This presentation was about conflict in community and…
The Open Source Technology Improvement Fund is proud to share the results of our security audits of nghttp3 and ngtcp2. Ngtcp2 is an open source project that implements the QUIC network protocol, while nghttp3 implements HTTP/3 to help improve the speed and efficacy issues of HTTP/2. With the help of…
OSTIF is proud to share the results of our security audit of NATS. NATS is an open source project made by Synadia Communications for secure always-on messaging for a variety of digital formats and clients. With the help of Trail of Bits and the Cloud Native Computing Foundation, this project…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of ztunnel. ztunnel is the open source node proxy implementation of Istio’s ambient mesh mode. Moving forward from this collaboration between Istio, Trail of Bits, and the Cloud Native Computing Foundation, there is reasonable…
The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of PHP Specifically, the open source implementation of the interpreter for the PHP scripting language, which is popular in use for web development. As a result of this collaboration with OSTIF, Quarkslab, and…