We’re excited to report the results for the security audit of Backstage. Backstage is a software catalog and development platform that enables teams to quickly ship high-quality code. The security review was facilitated by Open Source Technology Improvement Fund backed by the Cloud Native Computing Foundation and carried out by X41 D-Sec.

The goal of security audits is to find vulnerabilities so they can be fixed before attackers exploit them, as well as to identify opportunities to harden a project’s implementation and processes to counter vulnerabilities in the future. The Backstage team demonstrated a strong commitment to improving security posture by requesting independent review and actively participating in the audit process.

The results of the security audit are 12 security findings (2 Critical, 2 High, 5 Medium, 3 Low) as well as 15 other security hardening recommendations. 

The serious issues identified through this engagement have been fixed and validated by the x41 team. See below for the full report. 

A big thank you to the Cloud Native Computing Foundation for supporting the work and funding the audit. Furthermore, thank you to the X41 team for executing the audit and working with us to make and validate fixes. 

Also special thanks to Helen Greul, Patrik Oldsberg, Himanshu Mishra Francesco Corti, Lee Mills, Markus Vervier, Eric Sesterhenn for their roles in the engagement. 

Proactive security audits go a long way in detecting and fixing vulnerabilities. Everyone around the world depends on OSS, and we would love to do more security audits! If you’re interested in financially supporting this work, contact [email protected].


Link to full report: https://ostif.org/wp-content/uploads/2022/08/X41-Backstage-Audit-2022-for-Publication.pdf