Non-profit org that connects open-source projects with security resources. We are the Open Source Technology Improvement Fund.

Joined May 2015
@OSTIFofficial is proud to share the results of our security audit of Scala, executed by a team of three auditors from Quarkslab. We want to thank our very own Derek Zimmer of OSTIF for advocating for this audit for a long time! #OSTIF #Quarkslab #SovereignTechAgency #Scala
See the whole blog and report at ostif.org/scala-audit-comple…
During a security audit of vLLM managed by OSTIF.org, a bug was discovered through manual analysis by a senior security expert at X41 D-Sec. #OSTIF #BadHost #vLLM #X41DSec
A lack of input sanitization on host header paths in Starlette leads to bypassing auth with a single character across a huge swath of Python LLM infrastructure.
Update to Starlette 1.0.1 as soon as possible and read more about this vulnerability on badhost.org
In 2023, @DARPA announced a two-year-long competition called the Artificial Intelligence Cyber Challenge (AIxCC), a massive undertaking by dozens of organizations with the goal to safeguard open source software used in critical infrastructure throughout America. #OSTIF #DARPA #AI
Read about the work on our blog: ostif.org/hack-to-the-future…
The Open Source Technology Improvement Fund is proud to share the results of our security engagement on Developing ECH for OpenSSL (“DEfO”). ostif.org/defo-audit-complet… #OSTIF #DEfO #AdaLogics #7ASecurity #SovereignTechAgency
With the help of Ada Logics, 7ASecurity, and the Sovereign Tech Agency, this project received expert security review, testing, and custom documentation contributing to DEfO’s ongoing development and security.
We are proud to announce our top 3 bugs of the year on our blog: ostif.org/bug-of-the-year-aw… #OSTIF #BOTY #7ASecurity
While reflecting on our past 10 years, we revisited vulnerabilities discovered during OSTIF audits. As a result of our work, several hundred bugs a year are discovered on average.
With that in mind, our Executive Director Derek Zimmer proposed a new program: a Bug of the Year trophy, given to the individual who finds the best bug published by OSTIF in a calendar year.
Miss our last OSTIF meetup? You can catch the recording here of Robin David, Software Security Researcher and Research Lead at Quarkslab, presenting "Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure". #OSTIF #OpenSource #bitcoin
@OSTIFofficial is proud to share the results of our security audit of Stork. Stork is an open source project developed by the Internet Systems Consortium (ISC) that acts as an administrative interface for monitoring, maintaining, and surveilling Kea servers. #OSTIF #7ASecurity
With the help of @7aSecurity, this project received custom security testing, documentation, and tooling contributing to Stork’s ongoing security and development work. Full post here: ostif.org/stork-audit-comple…
We, like everyone else, couldn't look away from the Veritasium video on the XZ vulnerability. Watch the video here youtube.com/watch?v=aoag03mS… to learn more details about this incredible story of open source security and community. #OSTIF #Veritasium #XZ
While there is a lot to address, an important point of this story sticks out to us at OSTIF: that it was best practices, the secondary review of code before a push, that caught this before disaster struck.