MaterialX Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of MaterialX. MaterialX is an open source project hosted at the Academy Software Foundation for “representing rich material and look-development content in computer graphics, enabling its platform-independent description and exchange across applications and renderers,”…

OpenSourceSummit EU 2024

10 Year Anniversary- A Party and What’s to Come

If you can’t throw yourself a party, what’s the point? That was our train of thought when brainstorming earlier this year about how we wanted to celebrate our 10 year anniversary. Thriving as a non-profit startup in an incredibly competitive and difficult sector to break into, much less be successful…


OSTIF Code of Conduct

by Helen Woeste, Communications and Community Manager

Amir and I were in London for State of Open Con earlier this year, where we attended a talk by Kat Cosgrove and Jeremy Rickard called “Are You Not Entertained? Open Source Isn’t a Coliseum.” This presentation was about conflict in community and…


nghttp3 and ngtcp2 Audits Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audits of nghttp3 and ngtcp2.  Ngtcp2 is an open source project that implements the QUIC network protocol, while nghttp3 implements HTTP/3 to help improve the speed and efficacy issues of HTTP/2. With the help of…


LitmusChaos Audit Complete!

OSTIF is proud to share the results of our security audit of LitmusChaos. LitmusChaos is an open source chaos engineering platform for a multitude of cloud platforms. With the help of 7ASecurity and the Cloud Native Computing Foundation, this project can continue to provide secure chaos testing environments for developers. …


Fastify Audit Complete!

OSTIF is proud to share the results of our security audit of Fastify. Fastify is an open source, low overhead web framework for Node.js, which prioritizes speed while maintaining expansibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…


OpenTelemetry Audit Complete!

OSTIF is proud to share the results of our security audit of OpenTelemetry. OpenTelemetry is an open source project for generating and collecting telemetry data for software analysis.  With the help of 7ASecurity and the Cloud Native Computing Foundation (CNCF), this project will experience strengthened security health as it moves…


Reasons Why Most Audits are Still Waiting

“Audits cost too much”

We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…
