The OSTIF Independent Security Audit Impact Report

Today OSTIF is thrilled to release the Independent Security Audit Impact Report.  This report is the culmination of over a year’s worth of work that OSTIF organized thanks to funding from Google and OpenSSF.  “I am extremely proud of this work and what OSTIF continues to accomplish. Organizations like Google,…

Continue ReadingThe OSTIF Independent Security Audit Impact Report

Our Audits of Jackson-Core and Jackson-Databind are Complete

We’re excited to report the results for the security audits of Jackson-Core and Jackson-Databind. Jackson-Core and Jackson-Databind are Java projects that are widely adopted for parsing and binding data. The security review was facilitated by Open Source Technology Improvement Fund backed by the OpenSSF and carried out by Adalogics. The…

Continue ReadingOur Audits of Jackson-Core and Jackson-Databind are Complete

Our Audit of sigstore is complete. High risk vulnerability found and fixed.

We’re excited to report the results for the security audit of sigstore.  Sigstore is a new standard for signing, verifying and protecting software; and has quickly grown into a premier tool for securing the software supply chain. The security review was facilitated by Open Source Technology Improvement Fund and carried…

Continue ReadingOur Audit of sigstore is complete. High risk vulnerability found and fixed.

OSTIF is working with the Open Source Security Foundation on Symfony

  • Post category:NewsSecurity

OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework has consistently been near the top of multiple reports, underscoring the criticality of the project to the…

Continue ReadingOSTIF is working with the Open Source Security Foundation on Symfony