OSTIF Official

Do you have an extra 5 minutes today you want to spend learning about open source security? OSTIF is proud to share our 2024 Annual Report today, covering the 60 open source security engagements we directed last year. See links 👇 to read about our efforts!

With that in mind, our Executive Director Derek Zimmer proposed a new program: a Bug of the Year trophy, given to the individual who finds the best bug published by OSTIF in a calendar year.

While reflecting on our past 10 years, we revisited vulnerabilities discovered during OSTIF audits. As a result of our work, several hundred bugs a year are discovered on average.

We are proud to announce our top 3 bugs of the year on our blog: ostif.org/bug-of-the-yea… #OSTIF #BOTY #7ASecurity

Miss our last OSTIF meetup? You can catch the recording here of Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure". #OSTIF #OpenSource #bitcoin

Don't miss tomorrow's @OSTIFofficial meetup with Robin David, Software Security Researcher and Research Lead at @quarkslab , presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure". #OSTIF #OpenSource #bitcoin

With the help of @7aSecurity, this project received custom security testing, documentation, and tooling contributing to Stork’s ongoing security and development work.  Full post here: ostif.org/stork-audit-co…

@OSTIFofficial is proud to share the results of our security audit of Stork. Stork is an open source project developed by the Internet Systems Consortium (ISC) that acts as an administrative interface for monitoring, maintaining, and surveilling Kea servers. #OSTIF #7ASecurity

While there is a lot to address, an important point of this story sticks out to us at OSTIF- that it was best practices, the secondary review of code before a push, that caught this before disaster struck.

We, like everyone else, couldn't look away from the Veritasium video on the XZ vulnerability. Watch the video here youtube.com/watch?v=aoag03… to learn more details about this incredible story of open source security and community. #OSTIF #Veritasium #XZ

For the past 4 years, OSTIF has run a Managed Audit Program for the CNCF. We’ve audited 33 projects with maintainers all over the world, reinforcing the security of cloud native open source for billions of users. Read report here: ostif.org/cncfmanagedpro… #OSTIF #CNCF #Report

Make sure you attend the live events if you want to participate in the Q&A, as those aren't recorded! Also make sure you're subscribed to our Luma calendar for notifications of any new meetups! luma.com/ostif-meetups #OSTIF #meetup #audit

Miss yesterday's amazing audit meetup "High Assurance Cryptography and the Ethics of Disclosure" w/ @kaepora ? Catch the video here youtube.com/watch?v=TdOXza… #OSTIF #meetup #audit

Make sure to RSVP to add the event to your calendar and let us know you're coming: luma.com/gjnorzq0

Join us next Wednesday at 11AM CST for an OSTIF meetup with Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure". Link in 🧵👇 #OSTIF #bitcoin

RSVP for next week's meetup with @kaepora, Senior Applied Cryptography Auditor at Cure53 presenting "High Assurance Cryptography and the Ethics of Disclosure". RSVPing adds the event to your calendar and lets us know you're coming! luma.com/xc4yuezb #OSTIF #OpenSource

Thanks to the efforts of @7aSecurity and the Sovereign Tech Fund, this project underwent a holistic security review. Read about the process and results here 👉 ostif.org/zlib-audit-com…

@OSTIFofficial is proud to share the results of our security audit of zlib. Zlib is an open source lossless data-compression library for use on virtually any computer hardware and operating system. See 🧵 below 👇 #OSTIF #7ASecurity #audit #zlib

RSVP here luma.com/xc4yuezb

Join us in 2 weeks on Wednesday, February 25th, for an OSTIF meetup with @kaepora, Senior Applied Cryptography Auditor at Cure53 presenting "High Assurance Cryptography and the Ethics of Disclosure". #OSTIF #OpenSource #disclosure