security audit – OSTIF.org

CloudCustodian Audit Complete!

Post published:April 19, 2024
Post category:ADA Logics Audits News Open Source Security

OSTIF is proud to share the results of our security audit of CloudCustodian. CloudCustodian is an open source rules engine for cloud infrastructure management. Thanks to the help of Ada Logics and the Cloud Native Computing Foundation, this project underwent a third-party security audit to help strengthen CloudCustodian’s security as…

Bref Audit Complete!

Post published:March 29, 2024
Post category:Audits AWS News Open Source Security

OSTIF is proud to share the results of our security audit of Bref. Bref is an open source project that allows developers to go serverless on AWS with PHP. With the help of Shielder and Amazon Web Services, this project has strengthened their foundation of transparency and easy customization for…

Securing Open-Source Infrastructure with Trail of Bits

Post published:January 22, 2024
Post category:Audits News Security Trail of Bits

OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then our two companies have worked together on 12 security…

In-Flux-ible on bugs- Flux undergoes Security Audit with OSTIF and Trail of Bits

Post published:November 9, 2023
Post category:Audits News Open Source Security Trail of Bits

OSTIF is proud to announce the publication of a security audit on the Kubernetes cluster tooling Flux in collaboration with Trail of Bits. Performed over four engineer weeks, this is the second security audit with OSTIF that Flux has undertaken, the first having taken place in November 2021. Repeated security…

RustVMM Security Audit with OSTIF is Complete!

Post published:November 9, 2023
Post category:AWS News Open Source Security Uncategorized X41-Dsec

OSTIF is pleased to announce the completion of a security audit of the open source project RustVMM in collaboration with X-41 D-Sec GmbH, with funding by Amazon Web Services. The project offers crates to build customized Virtual Machine Monitors (thus, VMM), which can be vulnerable to malicious actors through its…

Our Review of Falco is Complete!

Post published:March 22, 2023
Post category:Audits Open Source QuarksLab Security

Falco joins a growing number of CNCF Projects that completed a third-party security audit organized by OSTIF. A follow up to their 2019 audit, the Falco project requested a new engagement due to changes in the code base since. OSTIF partnered with Quarkslab to complete the audit. An overview of…

Our Audits of Jackson-Core and Jackson-Databind are Complete

Post published:November 2, 2022
Post category:ADA Logics Audits Security

We’re excited to report the results for the security audits of Jackson-Core and Jackson-Databind. Jackson-Core and Jackson-Databind are Java projects that are widely adopted for parsing and binding data. The security review was facilitated by Open Source Technology Improvement Fund backed by the OpenSSF and carried out by Adalogics. The…