Our Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.

Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes that extends native containerized application orchestration and management to hosts at the edge. The result of this engagement is the finding…

OSTIF is working with the Open Source Security Foundation on Symfony

OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework, has consistently been near the top of multiple reports, underscoring the criticality of the project to the…

The OSTIF and Quarkslab Audit of OpenSSL is Complete

We would like to thank our sponsors Private Internet Access and DuckDuckGo for helping to fund this security review, as well as all of our donors and individual supporters. This crucial work doesn’t happen without support from the community. The quick and dirty: OpenSSL version 1.1.1 was evaluated with special foci on new TLS…

OSTIF is Partnering with the Internet Bug Bounty and HackerOne for Bug Bounties!

The Open Source Technology Improvement Fund will be partnering with the Internet Bug Bounty and HackerOne to get our supported projects listed on HackerOne with no overhead costs! HackerOne is the de-facto site…


The OSTIF and QuarksLab Audit of Monero Bulletproofs is Complete – Critical Bug Patched

Bulletproofs are a specific type of range proof based on new cryptography by Benedikt Bünz et al. Bulletproofs are a trustless proof setup that is substantially smaller than the Borromean-style range proofs that were previously used, which reduces the size of Monero transactions by 80-90%. Monero’s latest network update,…

The QuarksLab and Kudelski Security audits of Monero Bulletproofs are Complete

Kudelski Security has done a review of Monero Bulletproofs, a specific type of range proof based on new cryptography by Benedikt Bünz et al. Bulletproofs is a trustless proof setup that is substantially smaller than the Borromean-style range proofs that are currently used, promising to make Monero transactions 10-20%…


OSTIF CEO Derek Zimmer has left VikingVPN to join London Trust Media

The founder of OSTIF has a new day job, working for London Trust Media as the Vice President of Marketing and Strategy. This offer was made after years of working together with Private Internet Access on the OSTIF…


Stop the Spies – OpenSSL 1.1.1 Fundraiser

UPDATE: We are now 81% funded! Keep spreading the word!

Matched donations by DuckDuckGo on Crowdrise here: https://www.crowdrise.com/o/en/campaign/ostif1/ostif

Ways to contribute for FREE: https://ostif.org/how-to-contribute-to-ostif-for-free/

Donate using a huge number of options here: https://ostif.org/donate

What are we working on? OpenSSL powers everything. 70% of the top million websites use OpenSSL to provide encryption…


OSTIF Financial Report for FY2017

2017 Financial Report for the Open Source Technology Improvement Fund, Inc. In 2017 OSTIF experienced substantial growth, and expanded our reach to multiple new areas of computing and software safety. We conducted an audit of OpenVPN 2.4.0 in partnership with QuarksLab and launched our bug bounty program. This document is…
