Cloud Native Buildpacks Audit Complete!

OSTIF is proud to share the results of our security audit of Cloud Native Buildpacks. Cloud Native Buildpacks (or "Buildpacks") is an open source tool for making container images for any cloud directly from the application source code. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF),…

Continue ReadingCloud Native Buildpacks Audit Complete!

Reasons Why Most Audits are Still Waiting

“Audits cost too much” We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…

Continue ReadingReasons Why Most Audits are Still Waiting

CycloneDDS Audit Complete!

OSTIF is proud to share the results of our security audit of CycloneDDS. CycloneDDS is an open source implementation of the Object Management Group-Data Distribution Service (OMG-DDS) under the Eclipse Foundation IoT. With the help of X-41 D-Sec and the Eclipse Foundation, this project can continue to securely develop on…

Continue ReadingCycloneDDS Audit Complete!

Why OSTIF?

Why OSTIF? There’s a lot of misconceptions that cause stagnation when it comes to procuring and participating in security audits. How does one even begin to get an audit, much less fund it? There is too much work involved, and not enough help from the auditors. It’s just a way…

Continue ReadingWhy OSTIF?

OpenSSL Audit Complete!

OSTIF is proud to share the results of our security audit of OpenSSL. OpenSSL is a commercial-grade cryptographic communications open source library. With the help of Trail of Bits and the OpenSSL project, this project will run more securely for those looking to perform various SSL-related tasks. Audit highlights: This…

Continue ReadingOpenSSL Audit Complete!

Kuksa Audit Complete!

OSTIF is proud to share the results of our security audit of Kuksa.  Kuksa.val is an open source vehicle abstraction layer. With the help of Quarkslab and the Eclipse Foundation, this project will continue to provide in-vehicle software components for users working with in-vehicle signals in a secure and efficient…

Continue ReadingKuksa Audit Complete!

CloudCustodian Audit Complete!

OSTIF is proud to share the results of our security audit of CloudCustodian. CloudCustodian is an open source rules engine for cloud infrastructure management. Thanks to the help of Ada Logics and the Cloud Native Computing Foundation, this project underwent a third-party security audit to help strengthen CloudCustodian’s security as…

Continue ReadingCloudCustodian Audit Complete!