Cortex Audit Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security audit of Cortex. Cortex functions as a long-term, multi-tenant scalable open source storage for Prometheus and OpenTelemetry. Thanks to Quarkslab and the Cloud Native Computing Foundation (CNCF), Cortex received custom review and documentation for current…

Continue ReadingCortex Audit Complete!

BOLT Security Engagement Complete!

The Open Source Technology Improvement Fund is proud to share the results of our security work on the BOLT binary scanner for LLVM.  LLVM is an open source compiler for translating human-readable source code for machine-readable hardware. In 2024, Arm engineer Kristof Beyls developed a static binary analyzer on BOLT,…

Continue ReadingBOLT Security Engagement Complete!

2025 Annual Report

2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…

Continue Reading2025 Annual Report