OSTIF is proud to share the results of our security audit of Fastify. Fastify is an open source overhead web framework for Node.js, which prioritizes speed while maintaining expansibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…
OSTIF is proud to share the results of our security audit of Cloud Native Buildpacks. Cloud Native Buildpacks (or "Buildpacks") is an open source tool for making container images for any cloud directly from the application source code. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF),…
“Audits cost too much” We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…
Why OSTIF? There’s a lot of misconceptions that cause stagnation when it comes to procuring and participating in security audits. How does one even begin to get an audit, much less fund it? There is too much work involved, and not enough help from the auditors. It’s just a way…
OSTIF is proud to share the results of our security audit of CloudCustodian. CloudCustodian is an open source rules engine for cloud infrastructure management. Thanks to the help of Ada Logics and the Cloud Native Computing Foundation, this project underwent a third-party security audit to help strengthen CloudCustodian’s security as…
OSTIF is proud to share the results of our security audit of cert-manager. Cert-manager is an open source project for certificate management in Kubernetes. With the help of Ada Logics and the Cloud Native Computing Foundation, this project can apply for graduation through the CNCF. Audit Process: In order to…
OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then our two companies have worked together on 12 security…
In collaboration with Amazon Web Services and the Eclipse Foundation, OSTIF is excited to release our Independent Security Audit Impact Report for 2023! Over the past year, OSTIF worked with 10 projects to complete third-party security audits with funding supplied by AWS and the EF. The engagement oversaw 24 new…
OSTIF and the CNCF are proud to announce the completion of a security audit of CubeFS. The project, which provides cloud-native storage across a variety of access protocols, was audited by the team at Ada Logics during the Fall of 2023. The security audit for CubeFS was designed to be…
This year for OSTIF has been beyond our expectations and hopes. We’ve worked hard for open source security, bonding with new collaborators while growing our network to provide projects with help from experts. We completed almost 200% more projects than in 2022, hired a new full-time employee, and forged partnerships…