OSTIF Code of Conduct

by Helen Woeste, Communications and Community Manager

Amir and I were in London for State of Open Con earlier this year, where we attended a talk by Kat Cosgrove and Jeremy Rickard called “Are You Not Entertained? Open Source Isn’t a Coliseum.” This presentation was about conflict in community and…

nghttp3 and ngtcp2 Audits Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audits of nghttp3 and ngtcp2. Ngtcp2 is an open source project that implements the QUIC network protocol, while nghttp3 implements HTTP/3 to help address the speed and efficacy issues of HTTP/2. With the help of…

Fastify Audit Complete!

OSTIF is proud to share the results of our security audit of Fastify. Fastify is an open source, low overhead web framework for Node.js, which prioritizes speed while maintaining expansibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…

OpenTelemetry Audit Complete!

OSTIF is proud to share the results of our security audit of OpenTelemetry. OpenTelemetry is an open source project for generating and collecting telemetry data for software analysis. With the help of 7ASecurity and the Cloud Native Computing Foundation (CNCF), this project will experience strengthened security health as it moves…

Reasons Why Most Audits are Still Waiting

“Audits cost too much”

We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…

Amazon Web Services & Eclipse Foundation Security Audit Impact Report 2023

In collaboration with Amazon Web Services and the Eclipse Foundation, OSTIF is excited to release our Independent Security Audit Impact Report for 2023! Over the past year, OSTIF worked with 10 projects to complete third-party security audits with funding supplied by AWS and the EF. The engagement oversaw 24 new…

Our Audit of SimpleJSON is complete!

OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41. Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…
