Node.js Fuzzing Audit Complete!

OSTIF is proud to share the results of our security audit of Node.js. Node.js is an open source project that is designed to build scalable network applications through asynchronous event-driven JavaScript runtime. With the help of Ada Logics and the OpenJS Foundation, this project will experience deeper fuzzing as it…

Continue ReadingNode.js Fuzzing Audit Complete!

Express Audit Complete!

OSTIF is proud to share the results of our security audit of Express. Express is an open source web framework for Node.js that prioritizes performance and flexibility. With the help of the OpenJS Foundation and ADA Logics, this project can continue to thrive as a web application framework for users needing lightweight HTTP server tooling. Audit Process:…

Continue ReadingExpress Audit Complete!

OperatorFabric Audit Complete!

OSTIF is proud to share the results of our security audit of OperatorFabric. OperatorFabric is an open source industrial platform for utility operations. With the help of Quarkslab and Linux Foundation Energy (LF Energy), this project will continue to provide secure, centralized business operations for users and high-quality service to…

Continue ReadingOperatorFabric Audit Complete!

Fastify Audit Complete!

OSTIF is proud to share the results of our security audit of Fastify.  Fastify is an open source overhead web framework for Node.js, which prioritizes speed while maintaining expansibility and approachability. This audit was possible through the efforts of Ada Logics and the support of the OpenJS Foundation. Audit Process: First…

Continue ReadingFastify Audit Complete!

Cloud Native Buildpacks Audit Complete!

OSTIF is proud to share the results of our security audit of Cloud Native Buildpacks. Cloud Native Buildpacks (or "Buildpacks") is an open source tool for making container images for any cloud directly from the application source code. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF),…

Continue ReadingCloud Native Buildpacks Audit Complete!

Reasons Why Most Audits are Still Waiting

“Audits cost too much” We’ve seen what happens in the open source ecosystem when audits are deferred – those vulnerabilities assumed to not exist are discovered, and the aftermath is a project, community, and entire ecosystem in shambles. If you ask those authors if they made the right choice deferring…

Continue ReadingReasons Why Most Audits are Still Waiting

Why OSTIF?

Why OSTIF? There’s a lot of misconceptions that cause stagnation when it comes to procuring and participating in security audits. How does one even begin to get an audit, much less fund it? There is too much work involved, and not enough help from the auditors. It’s just a way…

Continue ReadingWhy OSTIF?