The Open Source Technology Improvement Fund is a corporate non-profit organization that connects open-source security projects with much needed funding and logistical support. We do this through public fund-raising and the solicitation of donations from corporate and government donors.

Now more than ever, the world needs strong open-source security software. Because of the lack of a profit motive, core open-source projects are woefully underfunded and their resources are lacking.

This leaves crucial Internet infrastructure susceptible to bugs, poor documentation, poor performance, slow release schedules, and even espionage. OSTIF funds and supports the most critical open-source projects, with the aim of strengthening the security of the entire Internet.

OSTIF enhances security for users everywhere.

We do this through security reviews. A focused and correctly scoped security review, executed by an experienced team, results in significant and long-lasting improvements to software.

Our expert reviews have resulted in hundreds of bug patches, including over 20 with a Critical or High severity. As a result, we have made the Internet safer for users all over the world.

OSTIF’s Audit Process

Step 1: Coordinate

OSTIF meets with you one-on-one to understand your needs and define a preliminary scope. Bids are collected from a diverse network of auditors and analyzed based on cost and expertise.

Step 2: Audit

After approval, the audit team gets to work. You are provided with updates as the review progresses. OSTIF manages the process and acts as a neutral party to handle any questions or concerns.

Step 3: Patch

Auditors supply you with the results of the evaluation and assist with fixes and strengthening the code. This process allows for lasting impact on the software’s security.

Step 4: Release Report and Maintain

The updated code and audit report are released to the public. This provides assurance to users that the software has been expertly reviewed.

A security audit can provide quick project improvments, but are just the beginning of a long-term maintenance process. All of our security work includes evaluations of tooling and practices to close classes of bugs that prevent future threats from ever surfacing.

Why Open-Source Projects and Corporate Clients Partner With OSTIF

OSTIF’s mission is to improve the long-term security and sustainability of critical open-source projects. Our vision is to be a premier partner and advocate for advancing the security of open-source software. We do this by helping organizations and communities gain access to better security resources. OSTIF has spent over six years developing a deep network of security experts, audit groups, corporate representatives, and FOSS advocates, all working to fulfill its mission.

Open-source projects and corporations of all sizes partner with OSTIF because we make the process incredibly easy. We provide end-to-end assistance with every phase of a security project.


We work with you one-on-one to help identify appropriate areas of code coverage for your project’s security review, and select a scope that gives your project the most benefit.


We have spent years building a network of vetted security partners, who all bid on your project. Our bidding and scoping process results in significant cost savings and assurance that the review is focused on the right things.

Quality Control

We closely monitor the audit process as it proceeds, and act as a mediator in disputes over the reporting and severity of security bugs that are found.

Banking and Administration

We provide a place to fund-raise for your project without needlessly spending months creating a formal business entity. Furthermore, our nonprofit status provides further cost and tax benefits.

Procuring high quality audit resources while keeping costs in check requires a significant amount of scoping and coordination. OSTIF handles the process from start to finish and delivers an audit report to document the process and fixes. Our bidding process and diverse network ensures that costs are managed, and audits are correctly scoped and staffed.

Connecting Security Experts

We maintain a global community of researchers and auditors who specialize in open-source security, and can quickly organize major initiatives when the need arises.

Our team navigates the complexities of procuring security resources so you don’t have to.

Learn more about OSTIF »

Cost-effective and productive audits

Leading research suggests that focused, properly scoped security reviews result in significant and impactful improvements.

Our proven methodology and deep expertise allow us to deliver audits effectively and efficiently.

OSTIF supported projects »

If your team is interested in procuring a security review with OSTIF, or if you have questions and want to learn more, get in touch with us! We have learned that a personal touch and hands-on approach creates better results. The best way to contact us is to e-mail our Executive Director directly with a brief introduction and the best way to contact you. His email is shown below: