nghttp3 and ngtcp2 Audits Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audits of nghttp3 and ngtcp2.  Ngtcp2 is an open source project that implements the QUIC network protocol, while nghttp3 implements HTTP/3 to help improve the speed and efficacy issues of HTTP/2. With the help of…

Continue Readingnghttp3 and ngtcp2 Audits Complete!

NATS Audit Complete!

OSTIF is proud to share the results of our security audit of NATS.  NATS is an open source project made by Synadia Communications for secure always-on messaging for a variety of digital formats and clients. With the help of Trail of Bits and the Cloud Native Computing Foundation, this project…

Continue ReadingNATS Audit Complete!

Logback Audit Complete!

OSTIF is proud to share the results of our security audit of Logback.  Logback is an inclusive, fast, and adaptable logging framework for Java. With the help of 7ASecurity and the Sovereign Tech Agency, this project continues to provide reliable and flexible architecture for Java applications.  Audit Process: This engagement…

Continue ReadingLogback Audit Complete!

OSTIF 2024 Annual Report

2024 was the 9th year of OSTIF, and what an exciting and groundbreaking year it was! Our annual report for 2024 starts with the OSTIF story then moves onto our impact, function, partnerships, funding, and future. We didn’t mince words here- it’s a quick read of less than five minutes.…

Continue ReadingOSTIF 2024 Annual Report

Node.js Fuzzing Audit Complete!

OSTIF is proud to share the results of our security audit of Node.js. Node.js is an open source project that is designed to build scalable network applications through asynchronous event-driven JavaScript runtime. With the help of Ada Logics and the OpenJS Foundation, this project will experience deeper fuzzing as it…

Continue ReadingNode.js Fuzzing Audit Complete!