OSTIF is proud to share the results of our fuzzing audit of LLVM. The LLVM project is a compilation of modular and reusable compiler and toolchain technology. Having completed this fuzzing audit with the help of Ada Logics and the Sovereign Tech Fund, LLVM can experience a deeper and more…
OSTIF is proud to share the results of our security audit of Jackson subprojects. Jackson-dataformats-binary, Jackson-dataformats-text, Jackson-dataformat-xml, Jackson-datatype-joda, and Jackson-datatypes-collections are open source subprojects that contribute to Jackson (described as “JSON for Java”). With the help of Ada Logics and the Sovereign Tech Fund, these subprojects will be more secure…
In collaboration with Amazon Web Services and the Eclipse Foundation, OSTIF is excited to release our Independent Security Audit Impact Report for 2023! Over the past year, OSTIF worked with 10 projects to complete third-party security audits with funding supplied by AWS and the EF. The engagement oversaw 24 new…
Open Source Technology Improvement Fund (OSTIF) is beyond proud to announce the completion of our 50th security audit. Since 2015, the nonprofit organization has worked to provide actualized security support to open source projects in a way that is transparent, public, and impactful. We work with open source projects that…
This year for OSTIF has been beyond our expectations and hopes. We’ve worked hard for open source security, bonding with new collaborators while growing our network to provide projects with help from experts. We completed almost 200% more projects than in 2022, hired a new full-time employee, and forged partnerships…
DuckDuckGo has for the third year in a row generously donated $25,000 to the Open Source Technology Improvement Fund as part of its annual charitable donations program. OSTIF works full time on funding open source security projects and engagements and collaborating directly with security teams and project maintainers from around…
OSTIF is proud to announce the publication of a security audit on the Kubernetes cluster tooling Flux in collaboration with Trail of Bits. Performed over four engineer weeks, this is the second security audit with OSTIF that Flux has undertaken, the first having taken place in November 2021. Repeated security…
It has been a while since we have told you all what we are up to. We have a number of news items to cover in the coming weeks, including updates to our transparency, bringing on additional staff, development of guide videos for all of our supported software applications on…