In 2023, @DARPA announced a two-year-long competition called the Artificial Intelligence Cyber Challenge (AIxCC), a massive undertaking by dozens of organizations with the goal of safeguarding open source software used in critical infrastructure throughout America. #OSTIF #DARPA #AI
With the help of Ada Logics, 7ASecurity, and the Sovereign Tech Agency, this project received expert security review, testing, and custom documentation contributing to DEfO’s ongoing development and security.
With that in mind, our Executive Director Derek Zimmer proposed a new program: a Bug of the Year trophy, given to the individual who finds the best bug published by OSTIF in a calendar year.
While reflecting on our past 10 years, we revisited vulnerabilities discovered during OSTIF audits. As a result of our work, several hundred bugs a year are discovered on average.
Miss our last OSTIF meetup?
You can catch the recording here of Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure".
#OSTIF #OpenSource #bitcoin
Don't miss tomorrow's @OSTIFofficial meetup with Robin David, Software Security Researcher and Research Lead at @quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure".
#OSTIF #OpenSource #bitcoin
With the help of @7aSecurity, this project received custom security testing, documentation, and tooling contributing to Stork’s ongoing security and development work.
Full post here: ostif.org/stork-audit-co…
@OSTIFofficial is proud to share the results of our security audit of Stork.
Stork is an open source project developed by the Internet Systems Consortium (ISC) that acts as an administrative interface for monitoring, maintaining, and surveilling Kea servers.
#OSTIF #7ASecurity
While there is a lot to address, an important point of this story sticks out to us at OSTIF: that it was best practices, the secondary review of code before a push, that caught this before disaster struck.
We, like everyone else, couldn't look away from the Veritasium video on the XZ vulnerability.
Watch the video here youtube.com/watch?v=aoag03… to learn more details about this incredible story of open source security and community.
#OSTIF #Veritasium #XZ
For the past 4 years, OSTIF has run a Managed Audit Program for the CNCF. We’ve audited 33 projects with maintainers all over the world, reinforcing the security of cloud native open source for billions of users.
Read the report here:
ostif.org/cncfmanagedpro… #OSTIF #CNCF #Report
Make sure you attend the live events if you want to participate in the Q&A, as those aren't recorded!
Also make sure you're subscribed to our Luma calendar for notifications of any new meetups! luma.com/ostif-meetups #OSTIF #meetup #audit
Join us next Wednesday at 11AM CST for an OSTIF meetup with Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure".
Link in 🧵👇
#OSTIF #bitcoin