The Open Source Technology Improvement Fund is proud to share the results of our security audit of PowSyBl.  PowSyBl is an open source library for energy grid modeling, visualization, and simulation. With the help of Ada Logics and Linux Foundation Energy, this project manages electrical grids and provides users with efficient and secure power system blocks. 

Audit Process:

This audit took place in March and April 2025 with auditing by the team at Ada Logics. Their goals were to create a threat model of PowSyBl, integrate fuzz testing, and perform manual auditing of the source code. Over the 5 weeks, all three goals were completed, including the integration of 6 custom fuzz tests into OSS-Fuzz. The audit team also spent time creating a detailed threat model of PowSyBl that informed their manual code review and branch protection recommendations.

Audit Results:

  • 9 Findings with Security Impact: all findings have been resolved by the PowSyBl team
    • 3 Medium
    • 6 Low
  • PowSyBl uploaded to OSS-Fuzz
    • 6 Custom Fuzz Tests
  • Custom Threat Model
    • Attack Surfaces, Trust Boundaries, Threat Actors
    • Figures Illustrating PowSyBl
  • Security Hardening Recommendations

The PowSyBl team was the third project to undergo an audit through their partnership with Linux Foundation Energy, which sources security work through OSTIF. The project maintainers were heavily involved with the audit process, working directly with the team at Ada Logics to understand and resolve findings quickly and efficiently.

If you would like to learn more about this audit work, Amir Montazery of OSTIF will be presenting on this audit in collaboration with the PowSyBl maintainers at LF Energy Summit in Aachen, Germany, this upcoming September. 

Thank you to the individuals and groups that made this engagement possible:

  • PowSyBl community and maintainers, especially: Sophie Frasnedo, Olivier Perrin, and Nicolas Rol
  • Ada Logics: Arthur Chen, Adam Korczynski, David Korczynski
  • Linux Foundation Energy

You can read the Audit Report HERE

You can read LF Energy’s Blog HERE

OSTIF is celebrating our 10 year anniversary! Join us for a meetup about our work, lessons learned, and where we see the future of open source security going by following our meetup calendar https://lu.ma/ostif-meetups 

Everyone around the world depends on open source software. If you’re interested in financially supporting this critical work, contact [email protected].