OSTIF has Received Another Contribution from DuckDuckGo

Duckduckgo, the privacy search engine, has contributed to OSTIF for a second time by donating $25,000 USD. Their site that tracks their charitable donations Spread Privacy has the official announcement. These funds are not allocated to any specific project, which helps OSTIF tremendously by allowing us to spend resources on…

Continue ReadingOSTIF has Received Another Contribution from DuckDuckGo

OSTIF is working with the Open Source Security Foundation on Symfony

  • Post category:NewsSecurity

OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework has consistently been near the top of multiple reports, underscoring the criticality of the project to the…

Continue ReadingOSTIF is working with the Open Source Security Foundation on Symfony

Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software

Announcement:  Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software.  OSTIF is elated to announce that we are planning to improve security of eight open-source projects thanks to support from the Google Open Source Security Team. This marks a major…

Continue ReadingGoogle is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software

A Review of the Linux Kernel’s Release Signing and Key Management Policies

The Linux Foundation sought a review of the kernel teams’ processes for release signing and for the policies and procedures for the handling of the signing keys. Working with OSTIF, Trail of Bits was selected to lead the project and a two person-week review was conducted. Unlike most OSTIF projects,…

Continue ReadingA Review of the Linux Kernel’s Release Signing and Key Management Policies

A Review of the Linux Kernel’s Vulnerability Reporting and Remediation

The Linux Foundation has sponsored a review of the Linux Kernel's practices and policies around how security vulnerabilities are reported to the kernel team, how those reports are processed and addressed, and how those vulnerabilities are disclosed to the public. OSTIF, working with the team at Atredis Partners and a…

Continue ReadingA Review of the Linux Kernel’s Vulnerability Reporting and Remediation

The Linux Foundation Public Health Initiative Sponsored the Audit of COVID Exposure Notification Apps. Here Are The Results!

The Linux Foundation's Public Health (LFPH) initiative has sponsored audits of two COVID-19 exposure notification apps, COVID Shield and COVID Green. As part of their stewardship of these projects, the Linux Foundation decided that it would be prudent to perform due diligence by reviewing the design and code of the…

Continue ReadingThe Linux Foundation Public Health Initiative Sponsored the Audit of COVID Exposure Notification Apps. Here Are The Results!

The OSTIF Audit of Monero CLSAG is Complete! – Results

OSTIF, working with the Monero Community, the Monero development team, Monero Research Lab and Sweetwater Asset Consulting, has completed our latest security review of Monero CLSAG. Concise Linkable Spontaneous Anonymous Group signatures are a new variant of Monero's current MLSAG (Multilayered Linkable Spontaneous Anonymous Group signature) scheme. Overall, it promises…

Continue ReadingThe OSTIF Audit of Monero CLSAG is Complete! – Results

What OSTIF is Working on in 2020

OSTIF is simultaneously working on multiple projects this quarter. Here is what we've been working on and what to expect over the next few months! Two projects with the Linux Foundation We are working with the Linux Foundation's Core Infrastructure Initiative on the safety and security of the Linux Kernel.…

Continue ReadingWhat OSTIF is Working on in 2020