The Open Source Technology Improvement Fund is proud to share the results of our security work on the BOLT binary scanner for LLVM. LLVM is an open source compiler for translating human-readable source code for machine-readable hardware. In 2024, Arm engineer Kristof Beyls developed a static binary analyzer on BOLT,…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Scala. Scala is a modern multi-paradigm programming language designed to express common programming patterns in a concise, elegant, and type-safe way. It seamlessly integrates features of object-oriented and functional languages. To improve the…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Paramiko. Paramiko is an open source Python implementation of the SSHv2 protocol designed for secure remote login and other secure network services. Thanks to the help of Quarkslab and Alpha-Omega, this project received…
2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of EVerest. EVerest is an open source project hosted by LF Energy, which functions as a firmware stack for EV charging stations. Thanks to efforts by Quarkslab and with support from LF Energy, EVerest…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Bitcoin Core. Bitcoin core, the reference implementation of the Bitcoin protocol, is an open source cryptocurrency with assets valued at several billion USD. With the help of Quarkslab, Brink, and Chaincode Labs, this…
The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of KubeVirt. KubeVirt is short for Kubernetes Virtualization, as the project is an API and runtime for managing virtual machines. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF), this…
The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our documentation audit of PHP. Specifically, the open source implementation of the interpreter for the PHP scripting language, which is popular in use for web development. As a result of this collaboration with OSTIF, Quarkslab, and…
The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of PHP Specifically, the open source implementation of the interpreter for the PHP scripting language, which is popular in use for web development. As a result of this collaboration with OSTIF, Quarkslab, and…
OSTIF is proud to share the results of our second security audit of Notary Project. Notary Project is “a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts.”* With the help of Quarkslab and…