@ostifofficial.bsky.social
The Open Source Technology Improvement Fund is proud to share the results of our security audit of zlib. Thanks to the efforts of 7ASecurity and the Sovereign Tech Fund, this project underwent a holistic security review. See 🧵 below 👇
#OSTIF
#7ASecurity
#audit
#zlib
about 9 hours ago
Join us in 2 weeks on Wednesday, February 25th, for an OSTIF meetup with Nadim Kobeissi, Senior Applied Cryptography Auditor at Cure53 presenting "High Assurance Cryptography and the Ethics of Disclosure".
#OSTIF
#OpenSource
#disclosure
5 days ago
reposted by
Nadim Kobeissi
6 days ago
I'm giving a talk soon about my Cryspen findings, in collaboration with @ostifofficial.bsky.social. Happening online, will be live-streamed. Register here:
luma.com/xc4yuezb?tk=...
High Assurance Cryptography and the Ethics of Disclosure w/ Nadim Kobeissi · Luma
Description Formally verified cryptographic libraries are increasingly deployed in critical systems, marketed as providing the highest level of assurance…
https://luma.com/xc4yuezb?tk=zWi01m
This month's Community Spotlight shines on Peter Hunt, Principal Software Engineer at Red Hat who has contributed to both of OSTIF's audits of CRI-O (cri-o.io). Come check out our interview!
ostif.org/feb-2026-com...
#OSTIF
#Spotlight
#RedHat
7 days ago
reposted by
The Linux Foundation
8 days ago
🆓 🎉 It's Free Open Source Software Month! Learn open source skills for FREE! From Linux fundamentals to Kubernetes, secure software, and emerging tech, check out Linux Foundation Education’s free learning library today:
training.linuxfoundation.org/resources/
#OSS
#CloudNative
#Linux
#Kubernetes
We couldn't have done it without:
@sovereign.tech
@cncf.io
@lfenergy.bsky.social
@aswf.io
@quarkslab.bsky.social
@shielder.com
@trailofbits.bsky.social
@openssf.org
@opensource.org
@puerco.mx
@funnelfiasco.bsky.social
@nadim.computer
@adamshostack.bsky.social
@openforumeurope.org
and so many more!
15 days ago
Presenting our 2025 annual report! In our report, you’ll see that OSTIF's story and mission are intertwined. OSTIF will continue to fight for open source infrastructure and the privacy rights of users for as many decades as you’ll let us. Our statement and report link:
ostif.org/2025-annual-...
2025 Annual Report – OSTIF.org
https://ostif.org/2025-annual-report/
18 days ago
Congratulations to the Scala team for securing investment in open source infrastructure with the @sovereign.tech! We're proud to contribute to this effort, and look forward to the future of Scala and this endowment's positive impact:
scala-lang.org/blog/2026/01...
The Sovereign Tech Fund invests in Scala
https://scala-lang.org/blog/2026/01/27/sta-invests-in-scala.html
19 days ago
@lfenergy.bsky.social EVerest underwent a security engagement facilitated by us with auditing by @quarkslab.bsky.social. This holistic security work impacts millions of EV charging stations worldwide. Read more at our blog:
ostif.org/everest-secu...
28 days ago
reposted by
Quarkslab
28 days ago
We conducted the first public third-party security assessment of EVerest, an open-source firmware stack for electric vehicle charging stations, deployed in hundreds of thousands of charging points worldwide. The audit was mandated by @ostifofficial.bsky.social 🙏
blog.quarkslab.com/everest-secu...
Having previously undergone an OSTIF security audit in 2022, Cloud Native Computing Foundation (CNCF) project CRI-O received another review in late 2025. Security auditing was performed by X41 D-Sec GmbH, and their report is available to read on our blog:
ostif.org/cri-o-audit-...
about 1 month ago
Releasing today is our security audit of Internet Systems Consortium's Kea project. The project received holistic security improvements and recommendations from Ada Logics. Read more about the work performed and results to the project at our blog:
ostif.org/kea-security...
about 1 month ago
OSTIF is proud to announce our membership in the Open Policy Alliance, an organization dedicated to the uplifting of open source in public knowledge and understanding! Excited to be involved in the Open Source Initiative's advocacy. Read about it at the press release:
ostif.org/ostif-joins-...
about 1 month ago
reposted by
Thunderbird
2 months ago
Sorry for the hiccup with our tag in the previous post! Our thanks again to @ostifofficial.bsky.social for their help with this important audit, which you can again read about in our blog post:
blog.thunderbird.net/2025/12/thun...
Thunderbird Send Security Audit with OSTIF and 7ASecurity - The Thunderbird Blog
As we get ready for the Thunderbird Pro launch, we want every service we offer to be secure and worthy of the trust our community places in us. That means being honest about where we stand today and t...
https://blog.thunderbird.net/2025/12/thunderbird-send-security-audit-with-ostif-and-7asecurity/
reposted by
Ryan Sipes
2 months ago
We are building tech you can trust. Thank you to @ostifofficial.bsky.social and 7A Security for their collaboration on the security audit for Thunderbird Send, our end-to-end encrypted file transfer service (coming to everyone soon, open source now).
blog.thunderbird.net/2025/12/thun...
Thunderbird Send Security Audit with OSTIF and 7ASecurity - The Thunderbird Blog
As we get ready for the Thunderbird Pro launch, we want every service we offer to be secure and worthy of the trust our community places in us. That means being honest about where we stand today and t...
https://blog.thunderbird.net/2025/12/thunderbird-send-security-audit-with-ostif-and-7asecurity/
Miss last week's amazing audit meetup about OpenEXR from Shielder? Catch the video here
www.youtube.com/watch?v=3PmW...
. Make sure you attend the live events if you want to participate in the Q&A, as those aren't recorded!
Meetup 008: Security Source Code Audit of OpenEXR w/ Pietro Tirenna and Davide
YouTube video by Open Source Technology Improvement Fund (OSTIF)
https://www.youtube.com/watch?v=3PmWu2iv_K8
2 months ago
OSTIF is proud to announce our audit of Mozilla Thunderbird-Send, with auditing by 7ASecurity. Not yet publicly released, this project will eventually be used in Mozilla email and web browsers. Read about the work done to prepare and harden this project at our blog:
ostif.org/thunderbird-...
Thunderbird-Send Audit Complete! – OSTIF.org
https://ostif.org/thunderbird-send-audit-complete/
2 months ago
reposted by
Adam Shostack
3 months ago
If you haven't met the OSTIF community and me, they have a special introduction for you. Check out OSTIF's Meet the Community video to learn more about my professional experience and envisioned changes for the open source community. Thanks to the OSTIF team for the great intro!
shorturl.at/q9J8R
OSTIF Meet the Community- Adam Shostack
Meet Adam Shostack, founder and Executive Director of Shostack and Associates! Shostack helped create the CVE. Now, he's an Emeritus member of the Advisory Board, fixed Autorun for hundreds of…
https://youtu.be/atLcqZRnCes
reposted by
3 months ago
cool folks doing cool stuff - do not miss out!
@shielder.com security researchers Davide and Pietro will be presenting on their audit of OpenEXR next Tuesday, 13:00 CST. Join to hear about how a team at the top of their game is auditing high-value targets used in a billion dollar industry. RSVP here:
luma.com/ir16fuig
Security Audit of OpenEXR · Luma
Description Join security researchers Pietro and Davide from Shielder as they take us through a source code security audit of the Academy Software Foundation's…
https://luma.com/ir16fuig
3 months ago
reposted by
Adam Shostack
3 months ago
I had the opportunity to meet up with members of the Open Source Technology Improvement Fund (OSTIF) where we discussed the benefits and tradeoffs of publishing threat models. Grateful to engage with this awesome community! Check out the recording from the meetup! 👉
shorturl.at/6uKfu
Meetup 007: Threat Modeling with Adam Shostack
Topic Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source should take the lead. Speaker Adam Shostack…
https://youtu.be/P8WD7R10UIw?si=uuDZsYO8rbDHwtSz
reposted by
Quarkslab
3 months ago
Quarkslab engineers Robin David, Mihail Kirov and Kaname just completed the first public security audit of Bitcoin Core, led by @ostifofficial.bsky.social and funded by Brink.dev. Details on the blog post:
blog.quarkslab.com/bitcoin-core...
Congrats to the developers for such a software masterpiece!
Bitcoin Core audit - Quarkslab's blog
The Open Source Technology Improvement Fund, Inc. mandated Quarkslab to perform the first public security audit of Bitcoin core, the reference open-source implementation of the Bitcoin decentralized p...
https://blog.quarkslab.com/bitcoin-core-audit.html
We've been a bit excited about this one. We are excited and honored to have partnered with Bitcoin, brink, Chaincode Labs, and @quarkslab.bsky.social to collaborate on a security audit of Bitcoin Core. This was Bitcoin Core's first external audit. Read more at our blog:
ostif.org/bitcoin-core...
Bitcoin Core Audit Complete! – OSTIF.org
https://ostif.org/bitcoin-core-audit-complete/
3 months ago
reposted by
KubeVirt
3 months ago
We are pleased to announce that the KubeVirt Security Audit report has been published, in collaboration with @quarkslab.bsky.social and @ostifofficial.bsky.social. Check out our blog post for all the details:
kubevirt.io/2025/Announc...
Announcing the results of our Security Audit | KubeVirt.io
As part of our application to Graduate, KubeVirt has a security audit performed by a third-party, organised through the CNCF and OSTIF.
https://kubevirt.io/2025/Announcing-KubeVirt-Security-Audit-Results.html
reposted by
Rey Lejano
3 months ago
#KubeCon day 1 keynotes: Amir Montazery from @ostifofficial.bsky.social talking about securing open source projects and an update on the @kubernetes.io audit which I helped out with along with @iainsmart.bsky.social
OSTIF is proud to announce that our audit of @kubevirt.bsky.social is now public! This would not be possible without the contributions of Quarkslab and the Cloud Native Computing Foundation. Read about the work on our blog:
ostif.org/kubevirt-aud...
KubeVirt Audit is Complete! – OSTIF.org
https://ostif.org/kubevirt-audit-complete/
3 months ago
Amir and Derek present Reflections on 10 Years: Celebrating the Open Source Technology Improvement Fund next Thursday, November 6th 13:00 CST. Hear our friends and collaborators in discussion with us about our past, present, and future. RSVP here:
luma.com/nudnh5sv
Reflections on 10 Years w/ OSTIF · Luma
Description The Open Source Technology Improvement Fund is celebrating its 10th year, and we're spilling our secrets to the community! Come learn about our…
https://luma.com/nudnh5sv
4 months ago
Boo! Publish your threat models! 👻 Does that scare you? Join us Wednesday, Oct 29th at 14:00 CT with @adamshostack.bsky.social, who will be presenting on why transparency isn't something to be frightened of. RSVP to add straight to your calendar:
luma.com/6fvp6orm
Threat Modeling w/ Adam Shostack · Zoom · Luma
Description Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source…
https://luma.com/6fvp6orm
4 months ago
reposted by
Adam Shostack
4 months ago
Should we publish our threat models? I explore a different lens with OSTIF for how transparency can benefit everyone. Oct 29, 14:00 CT 👉
luma.com/6fvp6orm
Threat Modeling w/ Adam Shostack · Zoom · Luma
Description Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source…
https://luma.com/6fvp6orm
On November 6th at 13:00 CST, we are hosting "Reflections on 10 Years with OSTIF." Not just a reflection, this is a summation of our past, present, and future. RSVP to tell us your OSTIF experience, join in the celebration, or just to see what special guests we have joining:
luma.com/nudnh5sv
Reflections on 10 Years w/ OSTIF · Luma
Description The Open Source Technology Improvement Fund is celebrating its 10th year, and we're spilling our secrets to the community! Come learn about our…
https://luma.com/nudnh5sv
4 months ago
This week's blog is "OSTIF's Strategy Plan". No holds barred, it's complete transparency of what our goals for the next 3-5 years are. If you've got 5 minutes to spare on this autumn Friday, you'll be caught up:
ostif.org/ostifs-strat...
OSTIF’s Strategy Plan – OSTIF.org
https://ostif.org/ostifs-strategy-plan/
4 months ago
reposted by
OpenSSF
4 months ago
The @ostifofficial.bsky.social recently completed a security audit of #OpenSSFScorecard. With support from the OpenSSF, this audit covered five core repositories and included threat modelling, manual code review, and fuzz testing. Read to learn more: 🔗
openssf.org/blog/2025/10...
reposted by
Adam Shostack
4 months ago
Publish your threat models! Not convinced? I'll be hosting a talk with OSTIF on Oct 29 @ 2pm CT for you to ask me questions. Register now and have your questions, thoughts, and comments ready!
luma.com/6fvp6orm
Threat Modeling w/ Adam Shostack · Zoom · Luma
Description Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source…
https://luma.com/6fvp6orm
Join us October 29th at 14:00 CST for a meetup with @adamshostack.bsky.social! RSVP here:
luma.com/6fvp6orm
First Adam will present on threat models (he literally wrote *the* book on the subject) and a Q&A portion will follow. We look forward to him and our community connecting!
Threat Modeling w/ Adam Shostack · Zoom · Luma
Description Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source…
https://luma.com/6fvp6orm
4 months ago
reposted by
The Linux Foundation
5 months ago
🆕 🔐 Cybersecurity isn’t just for CISOs—every leader must frame cyber risk as business risk. LF’s Executive Education equips senior leaders to: 🔹 Turn risk into advantage 🔹 Build resilient teams 🔹 Leverage emerging tech apply now 👉
training.linuxfoundation.org/training/lfe...
#CyberRisk
Cybersecurity Strategy & Risk Management for Executives
This series helps leaders turn cyber risks into business strategy, driving growth, innovation, and resilience.
https://training.linuxfoundation.org/training/lfexecutive-ed-cybersecurity/
Duck, duck...goose (eggs)! OSTIF is honored to be a five time recipient of DuckDuckGo's Charitable Donations Program. Read about this donation and its impact on us at our blog:
ostif.org/five-years-d...
OSTIF Recieves a Fifth Yearly Donation from DuckDuckGo! – OSTIF.org
https://ostif.org/five-years-duckduckgo/
5 months ago
We've got a GNU audit for you! GNU libmicrohttpd2 was audited thanks to @sovereign.tech and ADA Logics. The library underwent a threat modeling practice, fuzzing improvements, and a small cryptography review. Read about it on our blog:
ostif.org/gnu-libmicro...
GNU libmicrohttpd2 Audit Complete! – OSTIF.org
https://ostif.org/gnu-libmicrohttpd2-audit-complete/
5 months ago
We're baaaccckkkkk... and this time, we have @adamshostack.bsky.social! Join us next month, Oct 29th 14:00 CST, for a meetup on threat modeling: developing them, using them, and publishing them. RSVP to attend:
luma.com/6fvp6orm
Threat Modeling w/ Adam Shostack · Zoom · Luma
Description Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source…
https://luma.com/6fvp6orm
5 months ago
reposted by
Quarkslab
5 months ago
RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀 In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇
blog.quarkslab.com/security-rev...
Security review of PHP documentation - Quarkslab's blog
The Open Source Technology Improvement Fund, Inc., engaged with Quarkslab to perform a security audit of the code snippets in the English version of PHP documentation, focused on some specific pages.
https://blog.quarkslab.com/security-review-of-php-documentation.html
Join us in celebrating our first Community Spotlight honorees, David Korczynski and Adam Korczynski! Learn more about these brothers and business partners in our Community Spotlight post:
ostif.org/001-2025-com...
5 months ago
Start your workweek with a bit of rumination and OSTIF's latest blog post: "Open Source Summit and OpenSSF Community Day EU 2025 Reflection"
ostif.org/ossummit-com...
Open Source Summit and OpenSSF Community Days EU 2025 Reflection – OSTIF.org
https://ostif.org/ossummit-commday-reflection/
5 months ago
@openssf.org Community Day aka the big day for us! Amir will be participating in a tabletop exercise at 15:40 and Helen will be speaking on our audit of RSTUF at 10:50. Check out the rest of the schedule here:
events.linuxfoundation.org/openssf-comm...
Schedule | LF Events
View the SOSS Community Day North America 2024 Schedule & Speakers.
https://events.linuxfoundation.org/openssf-community-day-europe/program/schedule/
6 months ago
Bridging the gap between open source project security and foundations - it's what we do. "The Bridge to Improving Security: How OSTIF Helps Foundations" is live now on our blog:
ostif.org/ostif-helps-...
The Bridge to Improving Security: How OSTIF Helps Foundations – OSTIF.org
https://ostif.org/ostif-helps-foundations/
6 months ago
Thank you to the @openssf.org for the opportunity to chat about our work and mission on "What's in the SOSS?" Listen on your preferred podcasting app:
openssf.org/podcast/2025...
What’s in the SOSS? Podcast #37 – S2E14 Open Source Security: OSTIF’s 10-Year Journey of Collaborative Audits – Open Source Security Foundation
https://openssf.org/podcast/2025/08/12/whats-in-the-soss-podcast-37-s2e14-open-source-security-ostifs-10-year-journey-of-collaborative-audits/?utm_content=342784617&utm_medium=social&utm_source=linkedin&hss_channel=lcp-76521837
6 months ago
reposted by
Least Authority
6 months ago
Our team recently completed three security audits of Permuto for @chia.net. You can read the full report, including our findings, here:
leastauthority.com/blog/audit-o...
Chia Network - Permuto - Least Authority
Chia Network has requested that Least Authority perform security audits of Permuto.
https://leastauthority.com/blog/audit-of-chia-permuto/
reposted by
All Things Open
6 months ago
We're thrilled to have Amir Montazery, Managing Director for @ostifofficial.bsky.social, presenting "Success Stories in Open Source: Third Party Security Audits" at #AllThingsOpen!
2025.allthingsopen.org/sessions/2-f...
We thought it would be timely to make a statement about our involvement with and position re: @OpenForumEurope EU-STF report. Get our thoughts at the blog:
ostif.org/eu-stf-and-o...
EU-STF and OSTIF – OSTIF.org
https://ostif.org/eu-stf-and-ostif/
7 months ago
Our Managing Director Amir will be speaking at the @aswf.io Open Source Days on Sunday! RSVP at sched.co/25j6n to hear about why "Security Audits Aren't Scary", and how renewable security efforts help projects, foundations, and the open source community!
Open Source Days 2025: Security Audits are Not Scary - Applying...
View more about this event at Open Source Days 2025
https://sched.co/25j6n
7 months ago
In partnership with @aswf.io, OSTIF and @shielder.com worked on audits of MaterialX and OpenEXR. Our deepest gratitude for this opportunity to work with incredible maintainers and cool projects such as these- read about them at our blogs:
ostif.org/materialx-au..., ostif.org/openexr-audi...
7 months ago
reposted by
Shielder
7 months ago
🚨 New Open Source Audit Alert! 🚨 Shielder, with @ostifofficial.bsky.social & ASWF audited OpenEXR and MaterialX: 🔍 11 issues found (1 critical, 3 still to be published) ✔️ Most fixed, others planned 🗣️ ndaprela @smaury.bsky.social @suidpit.bsky.social @thezero.org
Full details in the blog post ⬇️🧵