We’re excited to report the results for the security audit of Backstage. Backstage is a software catalog and development platform that enables teams to quickly ship high-quality code. The security review was facilitated by Open Source Technology Improvement Fund backed by the Cloud Native Computing Foundation and carried out by…
Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and extends native containerized application orchestration and management to hosts at the edge. The result of this engagement is the finding…
We have been working with the team over at the Flux project on a security review and improving their tooling. The Cloud Native Computing Foundation contacted us a few months ago and wanted to facilitate both improving the testing infrastructure and to manually review Flux's source code. We selected ADA…
Duckduckgo, the privacy search engine, has contributed to OSTIF for a second time by donating $25,000 USD. Their site that tracks their charitable donations Spread Privacy has the official announcement. These funds are not allocated to any specific project, which helps OSTIF tremendously by allowing us to spend resources on…
OSTIF has been working with the Open Source Security Foundation's Securing Critical Projects working group to help identify critical pieces of infrastructure that require focused security attention. Symfony, a widely used PHP framework has consistently been near the top of multiple reports, underscoring the criticality of the project to the…
Announcement: Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software. OSTIF is elated to announce that we are planning to improve security of eight open-source projects thanks to support from the Google Open Source Security Team. This marks a major…
The Linux Foundation has sponsored a review of the Linux Kernel's practices and policies around how security vulnerabilities are reported to the kernel team, how those reports are processed and addressed, and how those vulnerabilities are disclosed to the public. OSTIF, working with the team at Atredis Partners and a…
We have just completed our review of OpenSSL 1.1.1 with QuarksLab, and we are moving on to our next big project, Unbound DNS! What is Unbound and Why is it Important? One of the core functions of the internet is domain name resolution. This means that when you type in…
We would like to thank our sponsors Private Internet Access and DuckDuckGo for helping to fund this security review, as well as all of our donors and individual supporters. This crucial work doesn’t happen without support from the community. The quick and dirty: OpenSSL version 1.1.1 was evaluated with special foci on new TLS…
It has been a while since we have done a round of updates on what we are working on. We have a number of projects that are currently active and more starting up. Throughout 2019 we expect to finish more than twice as many total projects and to continue with…