The Open Source Technology Improvement Fund is proud to share the results of our security audit of LibVLC. LibVLC is the open source core engine and foundation of VLC media player. With auditing by Trail of Bits and funding provided by the Sovereign Tech Agency, LibVLC received scoped security work,…
2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…
OSTIF is proud to share the results of our security audit of Temurin. Temurin is an open source project for building high performing Java runtime binaries. With the help of Trail of Bits and the Eclipse Foundation, this project will continue to securely support users who develop Java codes across…
OSTIF is proud to share the results of our security audit of cURL HTTP/3. cURL is an open source command line tool and library, the most widely used HTTP client software in the world. This engagement was for the new components of HTTP/3 in cURL. With the help of Trail…
OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then our two companies have worked together on 12 security…
Open source project Mosquitto underwent a security audit with OSTIF and Trail of Bits in collaboration with the Eclipse Foundation. The project, which is a message broker for the MQTT protocol, is designed to connect the Internet of Things. Projects that are open to the internet have increased landscape exposure…
OSTIF is proud to announce the publication of a security audit on the Kubernetes cluster tooling Flux in collaboration with Trail of Bits. Performed over four engineer weeks, this is the second security audit with OSTIF that Flux has undertaken, the first having taken place in November 2021. Repeated security…
OSTIF is pleased to announce the completion of a security audit of Eclipse Jetty in collaboration with the Eclipse Foundation and Trail of Bits. This audit was a part of a package of work organized and managed by OSTIF to provide security engagements to Eclipse Foundation projects. With funding and…
OSTIF and wasmCloud collaborated with Trail of Bits on a security audit of the application which is a deployment platform for distributed Wasm application development. The engagement priorities are listed as, but not limited to: wasmCloud sandboxing capabilities of user-provided code, if users were appropriately limited in their accessible features…
OSTIF and Trail of Bits coordinated and executed a security audit of Eclipse JKube, an Eclipse Foundation project. Eclipse JKube is an assembly of plugins and libraries for building container images using Docker, JIB or S2I build strategies. The project escorts Java applications to Kubernetes and OpenShift by forcing through…