Our Audit of sigstore is complete. High risk vulnerability found and fixed.

We’re excited to report the results for the security audit of sigstore.  Sigstore is a new standard for signing, verifying and protecting software; and has quickly grown into a premier tool for securing the software supply chain. The security review was facilitated by Open Source Technology Improvement Fund and carried…

Continue ReadingOur Audit of sigstore is complete. High risk vulnerability found and fixed.

OSTIF is working with the Open Source Security Foundation on Symfony

  • Post category:NewsSecurity

OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework has consistently been near the top of multiple reports, underscoring the criticality of the project to the…

Continue ReadingOSTIF is working with the Open Source Security Foundation on Symfony