With the help of Ada Logics, 7ASecurity, and the Sovereign Tech Agency, this project received expert security review, testing, and custom documentation contributing to DEfO’s ongoing development and security.
The Open Source Technology Improvement Fund is proud to share the results of our security engagement on Developing ECH for OpenSSL (“DEfO”).
ostif.org/defo-audit-c...
#OSTIF #DEfO #AdaLogics #7ASecurity #SovereignTechAgency
#KubeCon EU starts today and guess what? Our very own @suidpit.sh will be on stage with a panel about the @kubernetes.io Security Audit we performed during 2025 with the support of @ostifofficial.bsky.social!
🗓️ March 25 - 16:45 CET
📍 Hall 8 | Room F
The Linux Foundation Announces $12.5 Million in Grant Funding (via Alpha-Omega and @openssf.org)
Anthropic, AmazonWebServices, GitHub, Google, GoogleDeepMind, Microsoft, OpenAI to Invest in Sustainable Security Solutions for #OpenSource
We are proud to announce our top 3 bugs of the year on our blog: ostif.org/bug-of-the-y...
#OSTIF #BOTY #7ASecurity
Miss our last OSTIF meetup?
You can catch the recording here of Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure".
www.youtube.com/watch?v=J1Y1...
#OSTIF #bitcoin
ISC is pleased to announce the results of code audits for our Kea DHCP and Stork graphical management software projects! Thank you to @ostifofficial.bsky.social and the ICANN Grant Program for their support and assistance.
Read more about the audits at www.isc.org/blogs/2026-t...
Don't miss tomorrow's OSTIF meetup with Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure".
luma.com/gjnorzq0
#OSTIF #OpenSource #bitcoin
OSTIF is proud to share the results of our security audit of Stork, an open source project developed by the Internet Systems Consortium (ISC) that acts as an administrative interface for monitoring, maintaining, and surveilling Kea servers.
ostif.org/stork-audit-...
#OSTIF #Stork #7ASecurity
While there is a lot to address, an important point of this story sticks out to us at OSTIF - that it was best practices, the secondary review of code before a push, that caught this before disaster struck.
We, like everyone else, couldn't look away from the Veritasium video on the XZ vulnerability.
Watch the video here www.youtube.com/watch?v=aoag... to learn more details about this incredible story of open source security and community.
#OSTIF #Veritasium #XZ
For the past 4 years, OSTIF has run a Managed Audit Program for the CNCF. We’ve audited 33 projects in that time, working with maintainers all over the world to reinforce the security health of cloud native open source for billions of end users.
Read the full report here: ostif.org/cncfmanagedp...
Miss yesterday's amazing audit meetup "High Assurance Cryptography and the Ethics of Disclosure" w/ @nadim.computer ?
Catch the video here www.youtube.com/watch?v=TdOX...
Make sure you're subscribed for notifications of any new meetups! luma.com/ostif-meetups
#OSTIF #meetup #audit
Join us next Wednesday for an OSTIF meetup with Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure". luma.com/gjnorzq0
#OSTIF #OpenSource #bitcoin
Reminder: The Sovereign Tech Agency is gathering feedback from open source maintainers and contributors working with technology standards to inform the Agency's future work and new initiatives.
➡️ survey.sovereigntechfund.de/999999?lang=...
TODAY: Join my livestreamed talk on my Cryspen findings and ask me questions! 5:00pm Paris time, coordinated with @ostifofficial.bsky.social.
Register here: luma.com/xc4yuezb?tk=...
Our work with @sovereign.tech over the past two years resulted in 9 published audits with 6 more underway. OSTIF doesn't take lightly the responsibility we feel to help make a more resilient and secure open source ecosystem. Read more in our 2 year report: ostif.org/sovereigntec...
RSVP for next week's OSTIF meetup with Nadim Kobeissi, Senior Applied Cryptography Auditor at Cure53 presenting "High Assurance Cryptography and the Ethics of Disclosure".
RSVPing adds the event to your calendar and lets us know you're coming!
luma.com/xc4yuezb
#OSTIF #OpenSource #disclosure
Zlib is an open source lossless data-compression library for use on virtually any computer hardware and operating system.
Read about the audit process and results here 👉 ostif.org/zlib-audit-c...
The Open Source Technology Improvement Fund is proud to share the results of our security audit of zlib.
Thanks to the efforts of 7ASecurity and the Sovereign Tech Fund, this project underwent a holistic security review.
See 🧵 below 👇
#OSTIF #7ASecurity #audit #zlib
We look forward to the great conversations that happen when you can get passionate folks together to talk open source security!
Make sure to RSVP to add the event to your calendar and let us know you're coming: luma.com/xc4yuezb
Join us in 2 weeks on Wednesday, February 25th, for an OSTIF meetup with Nadim Kobeissi, Senior Applied Cryptography Auditor at Cure53 presenting "High Assurance Cryptography and the Ethics of Disclosure".
#OSTIF #OpenSource #disclosure
I'm giving a talk soon about my Cryspen findings, in collaboration with @ostifofficial.bsky.social. Happening online, will be live-streamed.
Register here: luma.com/xc4yuezb?tk=...
This month's Community Spotlight shines on Peter Hunt, Principal Software Engineer at Red Hat who has contributed to both of OSTIF's audits of CRI-O (cri-o.io). Come check out our interview!
ostif.org/feb-2026-com...
#OSTIF #Spotlight #RedHat
🆓 🎉 It's Free Open Source Software Month! Learn open source skills for FREE!
From Linux fundamentals to Kubernetes, secure software, and emerging tech, check out Linux Foundation Education’s free learning library today: training.linuxfoundation.org/resources/
#OSS #CloudNative #Linux #Kubernetes
We couldn't have done it without: @sovereign.tech @cncf.io @lfenergy.bsky.social @aswf.io @quarkslab.bsky.social @shielder.com @trailofbits.bsky.social @openssf.org @opensource.org @puerco.mx @funnelfiasco.bsky.social @nadim.computer @adamshostack.bsky.social @openforumeurope.org and so many more!
Presenting our 2025 annual report! In our report, you’ll see that OSTIF's story and mission are intertwined. OSTIF will continue to fight for open source infrastructure and the privacy rights of users for as many decades as you’ll let us.
Our statement and report link: ostif.org/2025-annual-...
Congratulations to the Scala team for securing investment in open source infrastructure with the @sovereign.tech! We're proud to contribute to this effort, and look forward to the future of Scala and this endowment's positive impact: scala-lang.org/blog/2026/01...
@lfenergy.bsky.social EVerest underwent a security engagement facilitated by us with auditing by @quarkslab.bsky.social. This holistic security work impacts millions of EV charging stations worldwide. Read more at our blog:
ostif.org/everest-secu...
We conducted the first public third-party security assessment of EVerest, an open-source firmware stack for electric vehicle charging stations, deployed in hundreds of thousands of charging points worldwide.
The audit was mandated by @ostifofficial.bsky.social 🙏
blog.quarkslab.com/everest-secu...