Open Source Tech Improvement Fund (OSTIF) is proud to announce that our work with Chainguard on the supply chain review of git for Windows is complete. We'd like to thank Adolfo and John Speed at Chainguard for their work on this review, and Turbo at Github for their help connecting…
Results of the Cilium Security Engagement About Cilium Cilium is an open source software for providing, securing and observing network connectivity between container workloads, powered by eBPF sandboxing in the linux kernel. It provides cloud-native network security and observability while maintaining strong security properties itself. Similar tools without eBPF have…
Results of the KEDA Security Engagement KEDA, or the Kubernetes-based Event Driven Autoscaling project, was reviewed by Trail of Bits at the end of 2022. KEDA joins a growing list of CNCF Projects audited to improve security posture and help reach graduated status thanks to strategic partner OSTIF. A combination…
Open Source Technology Improvement Fund is happy to announce the results of the Istio Security Audit. Used by key cloud providers and technology organizations, Istio is an open service mesh platform to connect, manage, and secure microservices. The Security Audit was carried out by the team at ADA Logics. A…
Results of Git Security Audit Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for git. Git is the world's most widely used version control system, and it underpins not only open source, but the vast majority of public and…
Results of curl Security Audit By: Amir Montazery, OSTIF Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for curl. In development since 1998, curl is a command line tool and library for transferring data with URLs. Curl is used…
Open Source Technology Improvement Fund, Inc is happy to announce the results of the CloudEvents Security Assessment. CloudEvents is a specification for describing event data in a common way that simplifies event declaration and delivery across services, platforms, and beyond. CloudEvents has a robust network of contributors and active development…
Open Source Technology Improvement Fund is thrilled to report the results of another security audit. Python-TUF is a reference implementation written in Python for The Update Framework (TUF); a framework for secure content delivery and updates. The primary result of the work is one medium and four low-severity issues. Details…
We’re excited to report the results for the security audit of Backstage. Backstage is a software catalog and development platform that enables teams to quickly ship high-quality code. The security review was facilitated by Open Source Technology Improvement Fund backed by the Cloud Native Computing Foundation and carried out by…
We’re excited to report the results for the security audit of sigstore. Sigstore is a new standard for signing, verifying and protecting software; and has quickly grown into a premier tool for securing the software supply chain. The security review was facilitated by Open Source Technology Improvement Fund and carried…