Our Audit of SimpleJSON is complete!

OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41.  Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…

Continue ReadingOur Audit of SimpleJSON is complete!

Our Audit of Cilium is Complete!

Results of the Cilium Security Engagement About Cilium Cilium is an open source software for providing, securing and observing network connectivity between container workloads, powered by eBPF sandboxing in the linux kernel. It provides cloud-native network security and observability while maintaining strong security properties itself. Similar tools without eBPF have…

Continue ReadingOur Audit of Cilium is Complete!

Our Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete!

Results of the KEDA Security Engagement KEDA, or the Kubernetes-based Event Driven Autoscaling project, was reviewed by Trail of Bits at the end of 2022. KEDA joins a growing list of CNCF Projects audited to improve security posture and help reach graduated status thanks to strategic partner OSTIF. A combination…

Continue ReadingOur Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete!

The OSTIF Audit of Curl with Trail of Bits is Complete

Results of curl Security Audit  By: Amir Montazery, OSTIF Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for curl. In development since 1998, curl is a command line tool and library for transferring data with URLs. Curl is used…

Continue ReadingThe OSTIF Audit of Curl with Trail of Bits is Complete

Results of the CloudEvents Security Assessment

Open Source Technology Improvement Fund, Inc is happy to announce the results of the CloudEvents Security Assessment. CloudEvents is a specification for describing event data in a common way that simplifies event declaration and delivery across services, platforms, and beyond. CloudEvents has a robust network of contributors and active development…

Continue ReadingResults of the CloudEvents Security Assessment

Our Audit of Python-TUF is Complete. Multiple Issues Found and Fixed

Open Source Technology Improvement Fund is thrilled to report the results of another security audit. Python-TUF is a reference implementation written in Python for The Update Framework (TUF); a framework for secure content delivery and updates. The primary result of the work is one medium and four low-severity issues. Details…

Continue ReadingOur Audit of Python-TUF is Complete. Multiple Issues Found and Fixed

The OSTIF Audit of Backstage with X41 D-Sec is Complete!

We’re excited to report the results for the security audit of Backstage. Backstage is a software catalog and development platform that enables teams to quickly ship high-quality code. The security review was facilitated by Open Source Technology Improvement Fund backed by the Cloud Native Computing Foundation and carried out by…

Continue ReadingThe OSTIF Audit of Backstage with X41 D-Sec is Complete!