The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of PHP, specifically the open source implementation of the interpreter for the PHP scripting language, which is widely used for web development. As a result of this collaboration with OSTIF, Quarkslab, and The PHP Foundation, PHP was able to harden and improve security ahead of its 8.4 release.
Open Source Technology Improvement Fund| ostif.org
The team at OSTIF is honored and excited to announce that for a fifth consecutive year we are a recipient of the DuckDuckGo Charitable Donations Program. The privilege of receiving this donation a fifth time is not lost on us, and reinforces that our mission is being carried out effectively and loudly. We number among […]
The Open Source Technology Improvement Fund is proud to share the results of our security audit of GNU libmicrohttpd2. GNU libmicrohttpd2 is an open source library that “embeds a HTTP or HTTPS daemon into host applications.”* With the help of ADA Logics and the Sovereign Tech Agency, this project has improved its resiliency and health […]
The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our documentation audit of PHP, specifically the open source implementation of the interpreter for the PHP scripting language, which is widely used for web development. As a result of this collaboration with OSTIF, Quarkslab, and The PHP Foundation, PHP was able to improve its documentation for future software development.
OSTIF would not be possible without our fantastic collaborators, partnerships, funders, and friends. Over the past 10 years, we’ve met so many amazing people, several of whom we have the utmost privilege of working with. It is deeply important to us that we give credit where credit is due. OSTIF wants to raise the visibility […]
Reflection by Communications, Operations, and Community Manager Helen Woeste
Over the duration of multiple programs with funders, we’ve heard firsthand their needs. Executives know they have the budget and desire to fund security, but need help with how to start generating outcomes. Creating and sustaining open source security programs requires dedicated administration work, experience with the open source community, knowledge of open source maintainer dynamics, a pool of experts who understand the needs of open source maintainers, quality assurance, and project parti...
The open source community has been abuzz for the past two years about European governance in open source software. From casual meetups to professional conferences, the implication of government funding and regulation of the free-use software sector has resulted in heavily debated discourse around the legal, financial, societal, and functional changes possible with the introduction […]
The Open Source Technology Improvement Fund is proud to share the results of our security audit of OpenEXR, a project at the Academy Software Foundation. OpenEXR is an open source specification and reference implementation of the EXR file format, which “accurately and efficiently represents high-dynamic-range scene-linear image data,” (https://openexr.com/en/latest/). With the help of Shielder and […]
The Open Source Technology Improvement Fund is proud to share the results of our security audit of MaterialX. MaterialX is an open source project hosted at the Academy Software Foundation for “representing rich material and look-development content in computer graphics, enabling its platform-independent description and exchange across applications and renderers,” (materialx.org). With the help of […]
The Open Source Technology Improvement Fund is proud to share the results of our security audit of PowSyBl. PowSyBl is an open source library for energy grid modeling, visualization, and simulation. With the help of Ada Logics and Linux Foundation Energy, this project manages electrical grids and provides users with efficient and secure power system blocks.
The Open Source Technology Improvement Fund is proud to share the results of our security audit of conda-forge. conda-forge is a community-driven open source repository of conda package manager recipes. With the help of 7ASecurity and the Sovereign Tech Agency, this project has invested in its longevity and security health by hardening its resilience and resolving the reported vulnerabilities.
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Ruby on Rails. Ruby on Rails (or “Rails”) is an open source full stack web-application framework. Thanks to the help of X41 D-Sec, GitLab, and the Sovereign Tech Agency, Rails can provide more secure versions of the tools needed for users to create database-backed web applications following the Model-View-Controller pattern.
OSTIF and wasmCloud collaborated with Trail of Bits on a security audit of the application, which is a deployment platform for distributed Wasm application development. The engagement priorities are listed as, but not limited to: wasmCloud's sandboxing capabilities for user-provided code, whether users were appropriately limited in their accessible features so as to minimize any loopholes for bad actors, and possibilities to break, hack, or crash any wasmCloud applications. To perform this security...
OSTIF is pleased to announce the completion of a security audit of Eclipse Jetty in collaboration with the Eclipse Foundation and Trail of Bits. This audit was a part of a package of work organized and managed by OSTIF to provide security engagements to Eclipse Foundation projects. With funding and full support from the Foundation, OSTIF was able to provide three projects with much-needed security oversight, analysis, and recommendations that help projects grow stronger and more secure than ...