Fastify Audit Complete!

OSTIF is proud to share the results of our security audit of Fastify.  Fastify is an open source overhead web framework for Node.js, which prioritizes speed while maintaining expansibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…

Continue ReadingFastify Audit Complete!

OpenTelemetry Audit Complete!

OSTIF is proud to share the results of our security audit of OpenTelemetry. OpenTelemetry is an open source project for generating and collecting telemetry data for software analysis.  With the help of 7ASecurity and the Cloud Native Computing Foundation (CNCF), this project will experience strengthened security health as it moves…

Continue ReadingOpenTelemetry Audit Complete!

Reasons Why Most Audits are Still Waiting

“Audits cost too much” We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…

Continue ReadingReasons Why Most Audits are Still Waiting

Amazon Web Services & Eclipse Foundation Security Audit Impact Report 2023

In collaboration with Amazon Web Services and the Eclipse Foundation, OSTIF is excited to release our Independent Security Audit Impact Report for 2023! Over the past year, OSTIF worked with 10 projects to complete third-party security audits with funding supplied by AWS and the EF. The engagement oversaw 24 new…

Continue ReadingAmazon Web Services & Eclipse Foundation Security Audit Impact Report 2023

Our Audit of SimpleJSON is complete!

OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41.  Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…

Continue ReadingOur Audit of SimpleJSON is complete!

Amazon Web Services Supports Open Source Technology Improvement Fund

Amazon Web Services Supports Open Source Technology Improvement Fund Amir Montazery, Managing Director, Open Source Technology Improvement Fund, Inc (OSTIF) The OSTIF team is absolutely thrilled to announce that we’ve reached an agreement with Amazon Web Services (AWS) to provide $500,000 in funding. The funding from AWS will help OSTIF…

Continue ReadingAmazon Web Services Supports Open Source Technology Improvement Fund

Our Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.

Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and extends native containerized application orchestration and management to hosts at the edge. The result of this engagement is the finding…

Continue ReadingOur Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.