The Open Source Technology Improvement Fund is proud to share the results of our security audit of Scala. Scala is a modern multi-paradigm programming language designed to express common programming patterns in a concise, elegant, and type-safe way. It seamlessly integrates features of object-oriented and functional languages. To improve the…
2025 Bug of the Year Award The Open Source Technology Improvement Fund is a non profit organization that specializes in security engagements for open source projects. We create bridges between the complex web of entities that are necessary to carry out a third party security audit. A cornerstone of that…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Stork. Stork is an open source project developed by the Internet Systems Consortium (ISC) that acts as an administrative interface for monitoring, maintaining, and surveilling Kea servers. With the help of 7ASecurity, this…
OSTIF would not be possible without our fantastic collaborators, partnerships, funders, and friends. Over the past 10 years, we’ve met so many amazing people, several of whom we have the utmost privilege of working with. It is deeply important to us that we give credit where credit is due. OSTIF…
Reflection by Communications, Operations, and Community Manager Helen Woeste Amir, Derek, and I joined a few thousand open source community members in Amsterdam for the Open Source Summit EU and attached OpenSSF Community Day. While Derek and Amir are no strangers to conferences, this was only my second OS Summit…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of PowSyBl. PowSyBl is an open source library for energy grid modeling, visualization, and simulation. With the help of Ada Logics and Linux Foundation Energy, this project manages electrical grids and provides users with…
The Open Source Technology Improvement Fund is proud to share the results of our security audits of Apache Log4Net and Log4CXX. Log4CXX is an open source logging framework library for C++, and Log4Net is a library to output log statements to various targets. With the help of Ada Logics and…
2024 was the 9th year of OSTIF, and what an exciting and groundbreaking year it was! Our annual report for 2024 starts with the OSTIF story then moves onto our impact, function, partnerships, funding, and future. We didn’t mince words here- it’s a quick read of less than five minutes.…
OSTIF is proud to share the results of our security audit of Fastify. Fastify is an open source overhead web framework for Node.js, which prioritizes speed while maintaining expansibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…
“Audits cost too much” We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…