The Bridge to Improving Security: How OSTIF Helps Foundations

Over the duration of multiple programs with funders, we’ve heard firsthand their needs. Executives know they have the budget and desire to fund security, but need help with how to start generating outcomes. To create and sustain open source security programs requires dedicated administration work, experience with the open source…

Continue ReadingThe Bridge to Improving Security: How OSTIF Helps Foundations

EU-STF and OSTIF

The open source community has been abuzz for the past two years about European governance in open source software. From casual meetups to professional conferences, the implication of government funding and regulation of the free-use software sector has resulted in heavily debated discourse around the legal, financial, societal, and functional…

Continue ReadingEU-STF and OSTIF

OpenEXR Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of OpenEXR,  a project at the Academy Software Foundation. OpenEXR is an open source specification and reference implementation of the EXR file format, which “accurately and efficiently represents high-dynamic-range scene-linear image data,” (https://openexr.com/en/latest/). With…

Continue ReadingOpenEXR Audit Complete!

MaterialX Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of MaterialX. MaterialX is an open source project hosted at the Academy Software Foundation for “representing rich material and look-development content in computer graphics, enabling its platform-independent description and exchange across applications and renderers,”…

Continue ReadingMaterialX Audit Complete!

conda-forge Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of conda-forge. conda-forge is a community-driven open source repository of conda package manager recipes. With the help of 7ASecurity and the Sovereign Tech Agency, this project has invested in its longevity and security health…

Continue Readingconda-forge Audit Complete!

nghttp3 and ngtcp2 Audits Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audits of nghttp3 and ngtcp2.  Ngtcp2 is an open source project that implements the QUIC network protocol, while nghttp3 implements HTTP/3 to help improve the speed and efficacy issues of HTTP/2. With the help of…

Continue Readingnghttp3 and ngtcp2 Audits Complete!

NATS Audit Complete!

OSTIF is proud to share the results of our security audit of NATS.  NATS is an open source project made by Synadia Communications for secure always-on messaging for a variety of digital formats and clients. With the help of Trail of Bits and the Cloud Native Computing Foundation, this project…

Continue ReadingNATS Audit Complete!