Hack to the Future: The Impact and Legacy of the DARPA AIxCC Challenge

AIxCC Competition Background & Results: In 2023, DARPA announced a two-year-long competition called the Artificial Intelligence Cyber Challenge (AIxCC) with the goal of safeguarding open source software used in critical infrastructure throughout America. The intent is to hasten the development of open source AI tooling that can assist developers…

DEfO Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security engagement on Developing ECH for OpenSSL (“DEfO”). DEfO is an open source implementation of Encrypted Client Hello (ECH) for OpenSSL, and provides proof-of-concept implementations for various clients and servers that use OpenSSL as a demonstration…

2025 Annual Report

2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…

The Open Source AI Series: A security health check of 25 popular open source AI/LLM projects: Findings and lessons learned

By Adam Korczynski and David Korczynski of Ada Logics

In late 2024, Alpha-Omega partnered with Ada Logics and the Open Source Technology Improvement Fund (OSTIF) to audit 25 widely used open source projects in the AI and large language model (LLM) ecosystem. This initiative aimed at evaluating the overall security…

OpenSSF Scorecard Audit is Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of OpenSSF Scorecard. OpenSSF Scorecard is an open source automated testing resource to help projects continually assess security risks. With the help of ADA Logics and the OpenSSF, this project can continue to provide…

GNU libmicrohttpd2 Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of GNU libmicrohttpd2. GNU libmicrohttpd2 is an open source library that “embeds a HTTP or HTTPS daemon into host applications.”* With the help of ADA Logics and the Sovereign Tech Agency, this project has…

Jan 2025 Community Spotlight: Introduction, David Korczynski and Adam Korczynski of Ada Logics

OSTIF would not be possible without our fantastic collaborators, partnerships, funders, and friends. Over the past 10 years, we’ve met so many amazing people, several of whom we have the utmost privilege of working with. It is deeply important to us that we give credit where credit is due. OSTIF…

Express Audit Complete!

OSTIF is proud to share the results of our security audit of Express. Express is an open source web framework for Node.js that prioritizes performance and flexibility. With the help of the OpenJS Foundation and ADA Logics, this project can continue to thrive as a web application framework for users needing lightweight HTTP server tooling. Audit Process:…
