Securing Open-Source Infrastructure with Trail of Bits

OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then our two companies have worked together on 12 security…

Continue ReadingSecuring Open-Source Infrastructure with Trail of Bits

The Buzz about Mosquitto ‘s Security Audit!

Open source project Mosquitto underwent a security audit with OSTIF and Trail of Bits in collaboration with the Eclipse Foundation. The project, which is a message broker for the MQTT protocol, is designed to connect the Internet of Things. Projects that are open to the internet have increased landscape exposure…

Continue ReadingThe Buzz about Mosquitto ‘s Security Audit!

OSTIF’s Audit of Equinox P2 is Complete!

The Eclipse Foundation’s Equinox P2 was audited by Include Security in November 2022. Equinox P2 is a provisioning platform, started by IBM in 2001. The Eclipse Foundation was founded three years later to act as an open, non-for-profit leader of the Eclipse Project community.  OSTIF was contacted by the Foundation,…

Continue ReadingOSTIF’s Audit of Equinox P2 is Complete!

Our Audit of libjpeg-turbo is Complete!

OSTIF and X41 are excited to announce the completion of our security audit of libjpeg-turbo! X-41 DSec and OSTIF collaborated in May of 2023 on a source code audit of libjpeg-turbo, the accelerated JPEG image decoding software.  The audit’s emphasis was on reviewing input validation, memory management practices, and analysis…

Continue ReadingOur Audit of libjpeg-turbo is Complete!

Thank You to DuckDuckGo for Their Continued Support of OSTIF

DuckDuckGo, the privacy search engine, has contributed to OSTIF for a third time by donating $25,000 USD. The charitable giving as part of DuckDuckGo’s annual program Spread Privacy is special, as the funds are not allocated to any specific project. This contribution helps OSTIF tremendously and allows the organization to…

Continue ReadingThank You to DuckDuckGo for Their Continued Support of OSTIF