2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of CRI-O. CRI-O is an implementation of the Kubernetes Container Runtime Interface (CRI) that is OCI-compliant (-O) that provides the backend between OCI-format container images and the Kubernetes control plane. With the help of…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Kea. Kea is an open source project developed by Internet Systems Consortium (ISC). Described in the audit report as a “modular DHCP server framework… for assigning IPv4 and IPv6 addresses and distributing…
OSTIF is excited to announce our membership in the Open Source Initiative’s Open Policy Alliance. Contributing to cybersecurity policy is part of OSTIF’s mission to educate around the importance of security to sustainable open source longevity. Working with the global community that makes up the Alliance is an honor. We…
By Adam Korczynski and David Korczynski of Ada Logics In late 2024, Alpha-Omega partnered with Ada Logics and the Open Source Technology Improvement Fund (OSTIF) to audit 25 widely used open source projects in the AI and large language model (LLM) ecosystem. This initiative aimed at evaluating the overall security…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Bitcoin Core. Bitcoin core, the reference implementation of the Bitcoin protocol, is an open source cryptocurrency with assets valued at several billion USD. With the help of Quarkslab, Brink, and Chaincode Labs, this…
The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of KubeVirt. KubeVirt is short for Kubernetes Virtualization, as the project is an API and runtime for managing virtual machines. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF), this…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of OpenSSF Scorecard. OpenSSF Scorecard is an open source automated testing resource to help projects continually assess security risks. With the help of ADA Logics and the OpenSSF, this project can continue to provide…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of GNU libmicrohttpd2. GNU libmicrohttpd2 is an open source library that “embeds a HTTP or HTTPS daemon into host applications.”* With the help of ADA Logics and the Sovereign Tech Agency, this project has…
Over the duration of multiple programs with funders, we’ve heard firsthand their needs. Executives know they have the budget and desire to fund security, but need help with how to start generating outcomes. To create and sustain open source security programs requires dedicated administration work, experience with the open source…
