zlib Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of zlib. Zlib is an open source lossless data-compression library for use on virtually any computer hardware and operating system. Thanks to the efforts of 7ASecurity and the Sovereign Tech Resilience Program, this project underwent…

Continue Readingzlib Audit Complete!

2025 Annual Report

2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…

Continue Reading2025 Annual Report

CRI-O Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of CRI-O. CRI-O is an implementation of the Kubernetes Container Runtime Interface (CRI) that is OCI-compliant (-O) that provides the backend between OCI-format container images and the Kubernetes control plane. With the help of…

Continue ReadingCRI-O Audit Complete!

OpenSSF Scorecard Audit is Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of OpenSSF Scorecard. OpenSSF Scorecard is an open source automated testing resource to help projects continually assess security risks. With the help of ADA Logics and the OpenSSF, this project can continue to provide…

Continue ReadingOpenSSF Scorecard Audit is Complete!

GNU libmicrohttpd2 Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of GNU libmicrohttpd2. GNU libmicrohttpd2 is an open source library that “embeds a HTTP or HTTPS daemon into host applications.”* With the help of ADA Logics and the Sovereign Tech Agency, this project has…

Continue ReadingGNU libmicrohttpd2 Audit Complete!