The OSTIF Audit of Backstage with X41 D-Sec is Complete!

We’re excited to report the results for the security audit of Backstage. Backstage is a software catalog and development platform that enables teams to quickly ship high-quality code. The security review was facilitated by Open Source Technology Improvement Fund backed by the Cloud Native Computing Foundation and carried out by…

Continue ReadingThe OSTIF Audit of Backstage with X41 D-Sec is Complete!

Our Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.

Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and extends native containerized application orchestration and management to hosts at the edge. The result of this engagement is the finding…

Continue ReadingOur Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.

OSTIF has Received Another Contribution from DuckDuckGo

Duckduckgo, the privacy search engine, has contributed to OSTIF for a second time by donating $25,000 USD. Their site that tracks their charitable donations Spread Privacy has the official announcement. These funds are not allocated to any specific project, which helps OSTIF tremendously by allowing us to spend resources on…

Continue ReadingOSTIF has Received Another Contribution from DuckDuckGo

OSTIF is working with the Open Source Security Foundation on Symfony

  • Post category:NewsSecurity

OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework has consistently been near the top of multiple reports, underscoring the criticality of the project to the…

Continue ReadingOSTIF is working with the Open Source Security Foundation on Symfony

Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software

Announcement:  Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software.  OSTIF is elated to announce that we are planning to improve security of eight open-source projects thanks to support from the Google Open Source Security Team. This marks a major…

Continue ReadingGoogle is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software

A Review of the Linux Kernel’s Vulnerability Reporting and Remediation

The Linux Foundation has sponsored a review of the Linux Kernel's practices and policies around how security vulnerabilities are reported to the kernel team, how those reports are processed and addressed, and how those vulnerabilities are disclosed to the public. OSTIF, working with the team at Atredis Partners and a…

Continue ReadingA Review of the Linux Kernel’s Vulnerability Reporting and Remediation

The OSTIF and Quarkslab Audit of OpenSSL is Complete

We would like to thank our sponsors Private Internet Access and DuckDuckGo for helping to fund this security review, as well as all of our  donors and individual supporters. This crucial work doesn’t happen without support from the community. The quick and dirty: OpenSSL version 1.1.1 was evaluated with special foci on new TLS…

Continue ReadingThe OSTIF and Quarkslab Audit of OpenSSL is Complete
Read more about the article OSTIF in 2019 – What to Expect
business hand pushing transparency button on a touch screen interface

OSTIF in 2019 – What to Expect

It has been a while since we have done a round of updates on what we are working on. We have a number of projects that are currently active and more starting up. Throughout 2019 we expect to finish more than twice as many total projects and to continue with…

Continue ReadingOSTIF in 2019 – What to Expect