OSTIF in 2019 – What to Expect

It has been a while since we have done a round of updates on what we are working on.

We have a number of projects that are currently active and more starting up. Throughout 2019 we expect to finish more than twice as many total projects and to continue with our current commitments to transparency and public review.

In the immediate future, you should see an update to our public books for 2018, which will show where every dollar that we took in was spent. We will also release a separate financial report that shows our goals and how we fared with our actual financial management for the year. (We are expecting the results to look good!)

Here is a list of our current projects and their status:

VeraCrypt – Maintenance – We have audited the software and it is currently active on our bug bounty program on HackerOne through our partnership with the Internet Bug Bounty.

OpenVPN – Maintenance – We have audited version 2.4.0 and are preparing a second round of audits for version 2.5.0. It is currently active on our bug bounty program on HackerOne through our partnership with the Internet Bug Bounty.

Monero Bulletproofs – Completed – We conducted audits with two different teams, funded by the Monero community and Monero Research Lab. This was a one-off relationship with Monero, but we plan to work with them in the future as the need arises.

OpenSSL – Auditing – We are in the process of auditing version 1.1.1 and results should be forthcoming in a few days. The final version of the document is being drafted now. After the audit is published, we will be funding a bug bounty through the Internet Bug Bounty on HackerOne.

VLC Media Player – Bidding Started – We are taking bids on auditing VLC, and establishing what the VLC team needs to help improve the project.

DD-WRT – Bidding Started – We are taking bids on auditing specific builds of DD-WRT. We are reaching out to the project to learn about the needs of the development team and their current security practices.

Grin – Starting – We are in talks with Grin about assisting the project with audits of their infrastructure and code. This project will be self-funded by the Grin community.

MariaDB – Starting – We will be approaching MariaDB to discuss the needs of the project shortly. An audit is likely.

GnuPG’s Gnu Privacy Guard – Starting – We will be approaching the project to discuss the needs of the project shortly. An audit is likely.

BitMessage – Starting – We are in the process of negotiating an audit and infrastructure review with the maintainer.

Reproducible Builds – Open Talks – We are attempting to help the Reproducible Builds project find funding, as the technology is crucial to making software more reliable and trustworthy.

PHP – Coming Soon

Apache HTTP Server – Coming Soon

WordPress.org – Coming Soon

We are expecting 2019 to be our busiest year yet! Check back with us frequently for progress!