Our Audit of SimpleJSON is complete!

OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41.  Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…

Continue ReadingOur Audit of SimpleJSON is complete!

The OSTIF Impact Report for the Cloud Native Computing Foundation

Open Source Technology Improvement Fund (OSTIF) is proud to share the Cloud Native Computing Foundation (CNCF) Impact Report for 2022. This report is a follow-up to our August 2022 post and is based on CNCF’s strong commitment to improving security posture of projects, a sound guiding policy and project maturity…

Continue ReadingThe OSTIF Impact Report for the Cloud Native Computing Foundation

Thank You to DuckDuckGo for Their Continued Support of OSTIF

DuckDuckGo, the privacy search engine, has contributed to OSTIF for a third time by donating $25,000 USD. The charitable giving as part of DuckDuckGo’s annual program Spread Privacy is special, as the funds are not allocated to any specific project. This contribution helps OSTIF tremendously and allows the organization to…

Continue ReadingThank You to DuckDuckGo for Their Continued Support of OSTIF

Our Audit of Cilium is Complete!

Results of the Cilium Security Engagement About Cilium Cilium is an open source software for providing, securing and observing network connectivity between container workloads, powered by eBPF sandboxing in the linux kernel. It provides cloud-native network security and observability while maintaining strong security properties itself. Similar tools without eBPF have…

Continue ReadingOur Audit of Cilium is Complete!

Amazon Web Services Supports Open Source Technology Improvement Fund

Amazon Web Services Supports Open Source Technology Improvement Fund Amir Montazery, Managing Director, Open Source Technology Improvement Fund, Inc (OSTIF) The OSTIF team is absolutely thrilled to announce that we’ve reached an agreement with Amazon Web Services (AWS) to provide $500,000 in funding. The funding from AWS will help OSTIF…

Continue ReadingAmazon Web Services Supports Open Source Technology Improvement Fund

Our Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete!

Results of the KEDA Security Engagement KEDA, or the Kubernetes-based Event Driven Autoscaling project, was reviewed by Trail of Bits at the end of 2022. KEDA joins a growing list of CNCF Projects audited to improve security posture and help reach graduated status thanks to strategic partner OSTIF. A combination…

Continue ReadingOur Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete!