OpenSSF

Read more about the article OSTIF’s Audit of Equinox P2 is Complete!

OSTIF’s Audit of Equinox P2 is Complete!

The Eclipse Foundation’s Equinox P2 was audited by Include Security in November 2022. Equinox P2 is a provisioning platform, started by IBM in 2001. The Eclipse Foundation was founded three years later to act as an open, non-for-profit leader of the Eclipse Project community.  OSTIF was contacted by the Foundation,…

Continue ReadingOSTIF’s Audit of Equinox P2 is Complete!
Read more about the article The OSTIF Independent Security Audit Impact Report

The OSTIF Independent Security Audit Impact Report

Today OSTIF is thrilled to release the Independent Security Audit Impact Report.  This report is the culmination of over a year’s worth of work that OSTIF organized thanks to funding from Google and OpenSSF.  “I am extremely proud of this work and what OSTIF continues to accomplish. Organizations like Google,…

Continue ReadingThe OSTIF Independent Security Audit Impact Report
Read more about the article Our Audits of Jackson-Core and Jackson-Databind are Complete

Our Audits of Jackson-Core and Jackson-Databind are Complete

We’re excited to report the results for the security audits of Jackson-Core and Jackson-Databind. Jackson-Core and Jackson-Databind are Java projects that are widely adopted for parsing and binding data. The security review was facilitated by Open Source Technology Improvement Fund backed by the OpenSSF and carried out by Adalogics. The…

Continue ReadingOur Audits of Jackson-Core and Jackson-Databind are Complete
Read more about the article Our Audit of sigstore is complete. High risk vulnerability found and fixed.

Our Audit of sigstore is complete. High risk vulnerability found and fixed.

We’re excited to report the results for the security audit of sigstore.  Sigstore is a new standard for signing, verifying and protecting software; and has quickly grown into a premier tool for securing the software supply chain. The security review was facilitated by Open Source Technology Improvement Fund and carried…

Continue ReadingOur Audit of sigstore is complete. High risk vulnerability found and fixed.
Read more about the article OSTIF is working with the Open Source Security Foundation on Symfony

OSTIF is working with the Open Source Security Foundation on Symfony

  • Post category:NewsSecurity

OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework has consistently been near the top of multiple reports, underscoring the criticality of the project to the…

Continue ReadingOSTIF is working with the Open Source Security Foundation on Symfony