During a security audit of vLLM managed by OSTIF.org, a bug was discovered through manual analysis by a senior security expert at X41 D-Sec. #OSTIF #BadHost #vLLM #X41DSec

Good milestone for Inspektor Gadget: its first independent security audit is complete. Thanks to @ostifofficial.bsky.social , @cncf.io , and @inspektor-gadget.io for the transparency around the process and fixes. techcommunity.microsoft.com/blog/Linuxan... #Kubernetes #eBPF #OpenSource #Security

The AI Cyber Challenge (AIxCC) results are in and the work continues through new #OpenSSF projects like OSS-CRS and FuzzingBrain. Read the blog by Helen Woeste (OSTIF): openssf.org/blog/2026/05...

In 2023, DARPA announced a two-year long competition called the Artificial Intelligence Cyber Challenge (AIxCC), a massive undertaking by dozens of organizations with the goal to safeguard open source software used in critical infrastructure throughout America. #OSTIF #DARPA #OpenSSF #AI

Voila- the results of OSTIF's security audit of #Paramiko! Thanks to the contributions of @quarkslab.bsky.social and @openssf.org Alpha-Omega, this project received custom security work. Read about the Python implementation of the SSHv2 protocol at our blog: ostif.org/paramiko-aud...

Our external security audit with @shielder.com @ostifofficial.bsky.social and @cncf.io is out! 3 CVEs were found, all of which have been addressed in v0.51.1. Thank you to everyone involved inspektor-gadget.io/blog/2026/04...

We're proud to share the results of our audit of #LibVLC, performed by @trailofbits.bsky.social with support from @sovereign.tech! LibVLC received scoped security work, custom tools and fixes, and documentation for future development. Read more about it on our blog: ostif.org/libvlc-audit...

We're excited to announce the results of our audit of Inspektor Gadget! With the help of @shielder.com and the @cncf.io, this project received a security audit reviewing Inspektor Gadget’s core components. Read more about the work done on our blog: ostif.org/inspektor-ga...

Can a hostile container sneak past your eBPF tracing? Sometimes, yes. With @ostifofficial.bsky.social & @cncf.io we audited Inspektor Gadget - 3 vulns (fixed), 6 hardenings, 6 bypasses (io_uring, openat2, jumbo frames…). Work by ndaprela & @suidpit.sh👏 🔗 www.shielder.com/blog/2026/04...

NEWS 📣 The Sovereign Tech Agency is launching the Sovereign Tech Standards network today, a new program designed to bring open source maintainers directly into global standards development. www.sovereign.tech/news/join-so...

Our security audit of PyPI projects Requests, CacheControl, and urllib3 was executed by @7asecurity.bsky.social with funding provided from @openssf.org Alpha-Omega. Read more about this engagement on our blog: ostif.org/requests-cac...

The Open Source Technology Improvement Fund is proud to share the results of our security engagement on Developing ECH for OpenSSL (“DEfO”). ostif.org/defo-audit-c... #OSTIF #DEfO #AdaLogics #7ASecurity #SovereignTechAgency

#KubeCon EU starts today and guess what? Our very own @suidpit.sh will be on stage with a panel about the @kubernetes.io Security Audit we performed during 2025 with the support of @ostifofficial.bsky.social! 🗓️ March 25 - 16:45 CET 📍 Hall 8 | Room F

The Linux Foundation Announces $12.5 Million in Grant Funding (via Alpha-Omega and @openssf.org) Anthropic, AmazonWebServices, GitHub, Google, GoogleDeepMind, Microsoft, OpenAI to Invest in Sustainable Security Solutions for #OpenSource

We are proud to announce our top 3 bugs of the year on our blog: ostif.org/bug-of-the-y... #OSTIF #BOTY #7ASecurity

Miss our last OSTIF meetup? You can catch the recording here of Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure". www.youtube.com/watch?v=J1Y1... #OSTIF #bitcoin

ISC is pleased to announce the results of code audits for our Kea DHCP and Stork graphical management software projects! Thank you to @ostifofficial.bsky.social and the ICANN Grant Program for their support and assistance. Read more about the audits at www.isc.org/blogs/2026-t...

Don't miss tomorrow's OSTIF meetup with Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure". luma.com/gjnorzq0 #OSTIF #OpenSource #bitcoin

OSTIF is proud to share the results of our security audit of Stork, an open source project developed by the Internet Systems Consortium (ISC) that acts as an administrative interface for monitoring, maintaining, and surveilling Kea servers. ostif.org/stork-audit-... #OSTIF #Stork #7ASecurity

We, like everyone else, couldn't look away from the Veritasium video on the XZ vulnerability. Watch the video here www.youtube.com/watch?v=aoag... to learn more details about this incredible story of open source security and community. #OSTIF #Veritasium #XZ

For the past 4 years, OSTIF has run a Managed Audit Program for the CNCF. We’ve audited 33 projects in that time, working with maintainers all over the world to reinforce the security health of cloud native open source for billions of end users. Read the full report here: ostif.org/cncfmanagedp...

Miss yesterday's amazing audit meetup "High Assurance Cryptography and the Ethics of Disclosure" w/ @nadim.computer ? Catch the video here www.youtube.com/watch?v=TdOX... Make sure you're subscribed for notifications of any new meetups! luma.com/ostif-meetups #OSTIF #meetup #audit

Join us next Wednesday for an OSTIF meetup with Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure". luma.com/gjnorzq0 #OSTIF #OpenSource #bitcoin

Reminder: The Sovereign Tech Agency is gathering feedback from open source maintainers and contributors working with technology standards to inform the Agency's future work and new initiatives. ➡️ survey.sovereigntechfund.de/999999?lang=...

TODAY: Join my livestreamed talk on my Cryspen findings and ask me questions! 5:00pm Paris time, coordinated with @ostifofficial.bsky.social. Register here: luma.com/xc4yuezb?tk=...

Our work with @sovereign.tech over the past two years resulted in 9 published audits with 6 more underway. OSTIF doesn't take lightly the responsibility we feel to help make a more resilient and secure open source ecosystem. Read more in our 2 year report: ostif.org/sovereigntec...

RSVP fornext week's OSTIF meetup with Nadim Kobeissi, Senior Applied Cryptography Auditor at Cure53 presenting "High Assurance Cryptography and the Ethics of Disclosure". RSVPing adds the event to your calendar and lets us know you're coming! luma.com/xc4yuezb #OSTIF #OpenSource #disclosure

The Open Source Technology Improvement Fund is proud to share the results of our security audit of zlib. Thanks to the efforts of 7ASecurity and the Sovereign Tech Fund, this project underwent a holistic security review. See 🧵 below 👇 #OSTIF #7ASecurity #audit #zlib

Join us in 2 weeks on Wednesday, February 25th, for an OSTIF meetup with Nadim Kobeissi, Senior Applied Cryptography Auditor at Cure53 presenting "High Assurance Cryptography and the Ethics of Disclosure". #OSTIF #OpenSource #disclosure

I'm giving a talk soon about my Cryspen findings, in collaboration with @ostifofficial.bsky.social. Happening online, will be live-streamed. Register here: luma.com/xc4yuezb?tk=...

This month's Community Spotlight shines on Peter Hunt, Principal Software Engineer at Red Hat who has contributed to both of OSTIF's audits of CRI-O (cri-o.io). Come check out our interview! ostif.org/feb-2026-com... #OSTIF #Spotlight #RedHat

🆓 🎉 It's Free Open Source Software Month! Learn open source skills for FREE! From Linux fundamentals to Kubernetes, secure software, and emerging tech, check out Linux Foundation Education’s free learning library today: training.linuxfoundation.org/resources/ #OSS #CloudNative #Linux #Kubernetes

We couldn't have done it without: @sovereign.tech @cncf.io @lfenergy.bsky.social @aswf.io @quarkslab.bsky.social @shielder.com @trailofbits.bsky.social @openssf.org @opensource.org @puerco.mx @funnelfiasco.bsky.social @nadim.computer @adamshostack.bsky.social @openforumeurope.org and so many more!

Presenting our 2025 annual report! In our report, you’ll see that OSTIF's story and mission are intertwined. OSTIF will continue to fight for open source infrastructure and the privacy rights of users for as many decades as you’ll let us. Our statement and report link: ostif.org/2025-annual-...

Congratulations to the Scala team for securing investment in open source infrastructure with the @sovereign.tech! We're proud to contribute to this effort, and look forward to the future of Scala and this endowment's positive impact: scala-lang.org/blog/2026/01...

@lfenergy.bsky.social EVerest underwent a security engagement facilitated by us with auditing by @quarkslab.bsky.social. This holistic security work impacts millions of EV charging stations worldwide. Read more at our blog: ostif.org/everest-secu...

We conducted the first public third-party security assessment of EVerest, an open-source firmware stack for electric vehicle charging stations, deployed in hundreds of thousands of charging points worldwide. The audit was mandated by @ostifofficial.bsky.social 🙏 blog.quarkslab.com/everest-secu...

Having previously undergone an OSTIF security audit in 2022, Cloud Native Computing Foundation (CNCF) project CRI-O received another review in late 2025. Security auditing was performed by X41 D-Sec GmbH, and their report is available to read on our blog: ostif.org/cri-o-audit-...

Releasing today is our security audit of Internet Systems Consortium's Kea project. The project received holistic security improvements and recommendations from Ada Logics. Read more about the work performed and results to the project at our blog: ostif.org/kea-security...

OSTIF is proud to announce our membership in the Open Policy Alliance, an organization dedicated to the uplifting of open source in public knowledge and understanding! Excited to be involved in the Open Source Initiative's advocacy. Ready about it at the press release: ostif.org/ostif-joins-...

Sorry for the hiccup with our tag in the previous post! Our thanks again to @ostifofficial.bsky.social for their help with this important audit, which you can again read about in our blog post: blog.thunderbird.net/2025/12/thun...

We are building tech you can trust. Thank you to @ostifofficial.bsky.social and 7A Security for their collaboration on the security audit for Thunderbird Send, our end-to-end encrypted file transfer service (coming to everyone soon, open source now). blog.thunderbird.net/2025/12/thun...

Miss last week's amazing audit meetup about OpenEXR from Shielder? Catch the video here www.youtube.com/watch?v=3PmW.... Make sure you attend the live events if you want to participate in the Q&A, as those aren't recorded!

OSTIF is proud to announce our audit of Mozilla Thunderbird-Send, with auditing by 7ASecurity. Not yet publicly released, this project will eventually be used in Mozilla email and web browsers. Read about the work done to prepare and harden this project at our blog: ostif.org/thunderbird-...

If you haven't met the OSTIF community and me, they have a special introduction for you. Check out OSTIF's Meet the Community video to learn more about my professional experience and envisioned changes for the open source community. Thanks to the OSTIF team for the great intro! shorturl.at/q9J8R

cool folks doing cool stuff - do not miss out!

@shielder.com security researchers Davide and Pietro will be presenting on their audit of OpenEXR next Tuesday, 13:00 CST. Join to hear about how a team at the top of their game is auditing high-value targets used in a billion dollar industry. RSVP here: luma.com/ir16fuig

I had the opportunity to meet up with members of the Open Source Technology Improvement Fund (OSTIF) where we discussed the benefits and tradeoffs of publishing threat models. Grateful to engage with this awesome community! Check out the recording from the meetup! 👉 shorturl.at/6uKfu

Quarkslab engineers Robin David, Mihail Kirov and Kaname just completed the first public security audit of Bitcoin Core, led by @ostifofficial.bsky.social and funded by Brink.dev Details on the blog post: blog.quarkslab.com/bitcoin-core... Congrats to developers for such software masterpiece !

We've been a bit excited about this one. We are excited and honored to have partnered with Bitcoin, brink, Chaincode Labs, and @quarkslab.bsky.social to collaborate on a security audit of Bitcoin Core. This was Bitcoin Core's first external audit. Read more at our blog: ostif.org/bitcoin-core...