Audit of Jackson-Dataformats and Jackson-Datatypes Complete

OSTIF is proud to share the results of our security audit of Jackson subprojects. Jackson-dataformats-binary, Jackson-dataformats-text, Jackson-dataformat-xml, Jackson-datatype-joda, and Jackson-datatypes-collections are open source subprojects that contribute to Jackson (described as “JSON for Java”). With the help of Ada Logics and the Sovereign Tech Fund, these subprojects will be more secure…

Continue ReadingAudit of Jackson-Dataformats and Jackson-Datatypes Complete

2023 Cloud Native Computing Foundation Audit Impact Report

We at OSTIF are excited to announce the 2023 Cloud Native Computing Foundation Audit Impact Report. This is the second year of the program between the two organizations, which combines funding and projects from the CNCF with OSTIF’s auditing resources to synthesize security engagements. Over the last two years, this collaboration…

Continue Reading2023 Cloud Native Computing Foundation Audit Impact Report

50th Audit Milestone

Open Source Technology Improvement Fund (OSTIF) is beyond proud to announce the completion of our 50th security audit. Since 2015, the nonprofit organization has worked to provide actualized security support to open source projects in a way that is transparent, public, and impactful. We work with open source projects that…

Continue Reading50th Audit Milestone

The Buzz about Mosquitto ‘s Security Audit!

Open source project Mosquitto underwent a security audit with OSTIF and Trail of Bits in collaboration with the Eclipse Foundation. The project, which is a message broker for the MQTT protocol, is designed to connect the Internet of Things. Projects that are open to the internet have increased landscape exposure…

Continue ReadingThe Buzz about Mosquitto ‘s Security Audit!

OSTIF Has Completed A Security Audit of wasmCloud!

OSTIF and wasmCloud collaborated with Trail of Bits on a security audit of the application which is a deployment platform for distributed Wasm application development. The engagement priorities are listed as, but not limited to: wasmCloud sandboxing capabilities of user-provided code, if users were appropriately limited in their accessible features…

Continue ReadingOSTIF Has Completed A Security Audit of wasmCloud!