Our Audit of SimpleJSON is complete!

OSTIF is pleased to announce that another audit has reached publication! A security audit of simplejson’s source code was conducted in collaboration with X41.  Found during the audit process were one medium and two low severity issues, as well as nine more informational issues. In addition, custom differential fuzzing harnesses…

Continue ReadingOur Audit of SimpleJSON is complete!

Amazon Web Services Supports Open Source Technology Improvement Fund

Amazon Web Services Supports Open Source Technology Improvement Fund Amir Montazery, Managing Director, Open Source Technology Improvement Fund, Inc (OSTIF) The OSTIF team is absolutely thrilled to announce that we’ve reached an agreement with Amazon Web Services (AWS) to provide $500,000 in funding. The funding from AWS will help OSTIF…

Continue ReadingAmazon Web Services Supports Open Source Technology Improvement Fund

Our Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.

Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and extends native containerized application orchestration and management to hosts at the edge. The result of this engagement is the finding…

Continue ReadingOur Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.

OSTIF is working with the Open Source Security Foundation on Symfony

  • Post category:NewsSecurity

OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework has consistently been near the top of multiple reports, underscoring the criticality of the project to the…

Continue ReadingOSTIF is working with the Open Source Security Foundation on Symfony

The OSTIF and Quarkslab Audit of OpenSSL is Complete

We would like to thank our sponsors Private Internet Access and DuckDuckGo for helping to fund this security review, as well as all of our  donors and individual supporters. This crucial work doesn’t happen without support from the community. The quick and dirty: OpenSSL version 1.1.1 was evaluated with special foci on new TLS…

Continue ReadingThe OSTIF and Quarkslab Audit of OpenSSL is Complete

OSTIF is Partnering with the Internet Bug Bounty and HackerOne for Bug Bounties!

OSTIF is Partnering with the Internet Bug Bounty and HackerOne for Bug Bounties! The Open Source Technology Improvement Fund will be partnering with the Internet Bug Bounty and HackerOne in a partnership that will get our supported projects listed on HackerOne with no overhead costs! HackerOne is the de-facto site…

Continue ReadingOSTIF is Partnering with the Internet Bug Bounty and HackerOne for Bug Bounties!
Read more about the article The OSTIF and QuarksLab Audit of Monero Bulletproofs is Complete – Critical Bug Patched
Monero cryptocurrency security theme with businessman on blurred blue light background

The OSTIF and QuarksLab Audit of Monero Bulletproofs is Complete – Critical Bug Patched

Bulletproofs are a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs are a trustless proofs setup that are substantially smaller than the current Borromean style range proofs that were previously used, which reduces the size of Monero transactions by 80-90%. Monero’s latest network update,…

Continue ReadingThe OSTIF and QuarksLab Audit of Monero Bulletproofs is Complete – Critical Bug Patched

The QuarksLab and Kudelski Security audits of Monero Bulletproofs are Complete

Kudelski Security has done a review of Monero Bulletproofs, a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs is a trustless proofs setup that is substantially smaller than the current Borromean style range proofs that are currently used, promising to make Monero transactions 10-20%…

Continue ReadingThe QuarksLab and Kudelski Security audits of Monero Bulletproofs are Complete