The Sovereign Tech Fund and the Open Source Technology Improvement Fund (OSTIF) are collaborating on multiple security reviews for open source projects. As part of STF’s Bug Resilience Program, we are organizing audits and engagements for infrastructure-critical projects, to reduce their open and undiscovered vulnerabilities and to provide a foundation for future security work.

These engagements are diverse in scale and in what each project needs. They resulted in a variety of impactful findings and revelations about these projects. Thanks to the assistance of project maintainers and the backing of STF, OSTIF was able to engage respected and experienced audit teams to provide services such as fuzzing, threat modeling, code analysis, and supply-chain security work customized to each project’s needs.

Security-focused engagements are not only helpful to projects and their users, but also educational and revealing for maintainers and auditors. As our world grows increasingly reliant on digital infrastructure, the need for security knowledge and work on these projects becomes pivotal and urgent. Security work ideally happens yesterday; the second-best time is today.

Keep tabs on this space as we begin to release the audit reports for our collaboration, which will be published in the first quarter of 2024.

Thank you to the team at STF, notably Tara Tarakiyee, Adriana Groh, Fiona Krakenbürger, Paul Sharratt, and Powen Shiah, for their support of our work as well as their assistance and investment in this collaboration.

Everyone around the world depends on open source. If you’re interested in financially supporting this work, contact [email protected].