CloudCustodian Audit Complete!

OSTIF is proud to share the results of our security audit of CloudCustodian. CloudCustodian is an open source rules engine for cloud infrastructure management. Thanks to the help of Ada Logics and the Cloud Native Computing Foundation, this project underwent a third-party security audit to help strengthen CloudCustodian’s security as…

Securing Open-Source Infrastructure with Trail of Bits

OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement in open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then our two companies have worked together on 12 security…

Amazon Web Services & Eclipse Foundation Security Audit Impact Report 2023

In collaboration with Amazon Web Services and the Eclipse Foundation, OSTIF is excited to release our Independent Security Audit Impact Report for 2023! Over the past year, OSTIF worked with 10 projects to complete third-party security audits with funding supplied by AWS and the EF. The engagement oversaw 24 new…

The Buzz about Mosquitto’s Security Audit!

Open source project Mosquitto underwent a security audit with OSTIF and Trail of Bits in collaboration with the Eclipse Foundation. The project, which is a message broker for the MQTT protocol, is designed to connect the Internet of Things. Projects that are open to the internet have increased landscape exposure…

OSTIF’s Audit of Equinox P2 is Complete!

The Eclipse Foundation’s Equinox P2 was audited by Include Security in November 2022. Equinox P2 is a provisioning platform, started by IBM in 2001. The Eclipse Foundation was founded three years later to act as an open, not-for-profit leader of the Eclipse Project community. OSTIF was contacted by the Foundation,…

Our Audit of libjpeg-turbo is Complete!

OSTIF and X41 are excited to announce the completion of our security audit of libjpeg-turbo! X41 D-Sec and OSTIF collaborated in May of 2023 on a source code audit of libjpeg-turbo, the accelerated JPEG image decoding software. The audit’s emphasis was on reviewing input validation, memory management practices, and analysis…

Thank You to DuckDuckGo for Their Continued Support of OSTIF

DuckDuckGo, the privacy search engine, has contributed to OSTIF for a third time by donating $25,000 USD. The charitable giving as part of DuckDuckGo’s annual program Spread Privacy is special, as the funds are not allocated to any specific project. This contribution helps OSTIF tremendously and allows the organization to…
