Thank You to DuckDuckGo for Their Continued Support of OSTIF

DuckDuckGo, the privacy search engine, has contributed to OSTIF for a third time by donating $25,000 USD. The charitable giving, part of DuckDuckGo’s annual Spread Privacy program, is special because the funds are not allocated to any specific project. This contribution helps OSTIF tremendously and allows the organization to…

Our Audit of Cilium is Complete!

Results of the Cilium Security Engagement. About Cilium: Cilium is open source software for providing, securing and observing network connectivity between container workloads, powered by eBPF sandboxing in the Linux kernel. It provides cloud-native network security and observability while maintaining strong security properties itself. Similar tools without eBPF have…

Amazon Web Services Supports Open Source Technology Improvement Fund

By Amir Montazery, Managing Director, Open Source Technology Improvement Fund, Inc (OSTIF). The OSTIF team is absolutely thrilled to announce that we’ve reached an agreement with Amazon Web Services (AWS) to provide $500,000 in funding. The funding from AWS will help OSTIF…

Our Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete!

Results of the KEDA Security Engagement. KEDA, or the Kubernetes-based Event Driven Autoscaling project, was reviewed by Trail of Bits at the end of 2022. KEDA joins a growing list of CNCF Projects audited to improve security posture and help reach graduated status thanks to strategic partner OSTIF. A combination…

The OSTIF Independent Security Audit Impact Report

Today OSTIF is thrilled to release the Independent Security Audit Impact Report. This report is the culmination of over a year’s worth of work that OSTIF organized thanks to funding from Google and OpenSSF. “I am extremely proud of this work and what OSTIF continues to accomplish. Organizations like Google,…

The OSTIF Audit of Curl with Trail of Bits is Complete

Results of curl Security Audit. By: Amir Montazery, OSTIF. Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for curl. In development since 1998, curl is a command line tool and library for transferring data with URLs. Curl is used…

Results of the CloudEvents Security Assessment

Open Source Technology Improvement Fund, Inc is happy to announce the results of the CloudEvents Security Assessment. CloudEvents is a specification for describing event data in a common way that simplifies event declaration and delivery across services, platforms, and beyond. CloudEvents has a robust network of contributors and active development…

Our Audits of Jackson-Core and Jackson-Databind are Complete

We’re excited to report the results for the security audits of Jackson-Core and Jackson-Databind. Jackson-Core and Jackson-Databind are Java projects that are widely adopted for parsing and binding data. The security review was facilitated by Open Source Technology Improvement Fund backed by the OpenSSF and carried out by Adalogics. The…