@ostifofficial.bsky.social
Reposted
I'm giving a talk soon about my Cryspen findings, in collaboration with @ostifofficial.bsky.social. Happening online, will be live-streamed.
Register here: luma.com/xc4yuezb?tk=...
Register here: luma.com/xc4yuezb?tk=...
High Assurance Cryptography and the Ethics of Disclosure w/ Nadim Kobeissi · Luma
Description
Formally verified cryptographic libraries are increasingly deployed in critical systems, marketed as providing the highest level of assurance…
luma.com
February 11, 2026 at 4:10 PM
I'm giving a talk soon about my Cryspen findings, in collaboration with @ostifofficial.bsky.social. Happening online, will be live-streamed.
Register here: luma.com/xc4yuezb?tk=...
Register here: luma.com/xc4yuezb?tk=...
This month's Community Spotlight shines on Peter Hunt, Principal Software Engineer at Red Hat who has contributed to both of OSTIF's audits of CRI-O (cri-o.io). Come check out our interview!
ostif.org/feb-2026-com...
#OSTIF #Spotlight #RedHat
ostif.org/feb-2026-com...
#OSTIF #Spotlight #RedHat
February 10, 2026 at 4:03 PM
This month's Community Spotlight shines on Peter Hunt, Principal Software Engineer at Red Hat who has contributed to both of OSTIF's audits of CRI-O (cri-o.io). Come check out our interview!
ostif.org/feb-2026-com...
#OSTIF #Spotlight #RedHat
ostif.org/feb-2026-com...
#OSTIF #Spotlight #RedHat
Reposted
🆓 🎉 It's Free Open Source Software Month! Learn open source skills for FREE!
From Linux fundamentals to Kubernetes, secure software, and emerging tech, check out Linux Foundation Education’s free learning library today: training.linuxfoundation.org/resources/
#OSS #CloudNative #Linux #Kubernetes
From Linux fundamentals to Kubernetes, secure software, and emerging tech, check out Linux Foundation Education’s free learning library today: training.linuxfoundation.org/resources/
#OSS #CloudNative #Linux #Kubernetes
February 9, 2026 at 2:14 PM
🆓 🎉 It's Free Open Source Software Month! Learn open source skills for FREE!
From Linux fundamentals to Kubernetes, secure software, and emerging tech, check out Linux Foundation Education’s free learning library today: training.linuxfoundation.org/resources/
#OSS #CloudNative #Linux #Kubernetes
From Linux fundamentals to Kubernetes, secure software, and emerging tech, check out Linux Foundation Education’s free learning library today: training.linuxfoundation.org/resources/
#OSS #CloudNative #Linux #Kubernetes
We couldn't have done it without: @sovereign.tech @cncf.io @lfenergy.bsky.social @aswf.io @quarkslab.bsky.social @shielder.com @trailofbits.bsky.social @openssf.org @opensource.org @puerco.mx @funnelfiasco.bsky.social @nadim.computer @adamshostack.bsky.social @openforumeurope.org and so many more!
Presenting our 2025 annual report! In our report, you’ll see that OSTIF's story and mission are intertwined. OSTIF will continue to fight for open source infrastructure and the privacy rights of users for as many decades as you’ll let us.
Our statement and report link: ostif.org/2025-annual-...
Our statement and report link: ostif.org/2025-annual-...
2025 Annual Report – OSTIF.org
ostif.org
February 2, 2026 at 6:59 PM
We couldn't have done it without: @sovereign.tech @cncf.io @lfenergy.bsky.social @aswf.io @quarkslab.bsky.social @shielder.com @trailofbits.bsky.social @openssf.org @opensource.org @puerco.mx @funnelfiasco.bsky.social @nadim.computer @adamshostack.bsky.social @openforumeurope.org and so many more!
Presenting our 2025 annual report! In our report, you’ll see that OSTIF's story and mission are intertwined. OSTIF will continue to fight for open source infrastructure and the privacy rights of users for as many decades as you’ll let us.
Our statement and report link: ostif.org/2025-annual-...
Our statement and report link: ostif.org/2025-annual-...
2025 Annual Report – OSTIF.org
ostif.org
January 30, 2026 at 3:06 PM
Presenting our 2025 annual report! In our report, you’ll see that OSTIF's story and mission are intertwined. OSTIF will continue to fight for open source infrastructure and the privacy rights of users for as many decades as you’ll let us.
Our statement and report link: ostif.org/2025-annual-...
Our statement and report link: ostif.org/2025-annual-...
Congratulations to the Scala team for securing investment in open source infrastructure with the @sovereign.tech! We're proud to contribute to this effort, and look forward to the future of Scala and this endowment's positive impact: scala-lang.org/blog/2026/01...
The Sovereign Tech Fund invests in Scala
scala-lang.org
January 29, 2026 at 6:45 PM
Congratulations to the Scala team for securing investment in open source infrastructure with the @sovereign.tech! We're proud to contribute to this effort, and look forward to the future of Scala and this endowment's positive impact: scala-lang.org/blog/2026/01...
@lfenergy.bsky.social EVerest underwent a security engagement facilitated by us with auditing by @quarkslab.bsky.social. This holistic security work impacts millions of EV charging stations worldwide. Read more at our blog:
ostif.org/everest-secu...
ostif.org/everest-secu...
January 20, 2026 at 5:48 PM
@lfenergy.bsky.social EVerest underwent a security engagement facilitated by us with auditing by @quarkslab.bsky.social. This holistic security work impacts millions of EV charging stations worldwide. Read more at our blog:
ostif.org/everest-secu...
ostif.org/everest-secu...
Reposted
We conducted the first public third-party security assessment of EVerest, an open-source firmware stack for electric vehicle charging stations, deployed in hundreds of thousands of charging points worldwide.
The audit was mandated by @ostifofficial.bsky.social 🙏
blog.quarkslab.com/everest-secu...
The audit was mandated by @ostifofficial.bsky.social 🙏
blog.quarkslab.com/everest-secu...
January 20, 2026 at 4:45 PM
We conducted the first public third-party security assessment of EVerest, an open-source firmware stack for electric vehicle charging stations, deployed in hundreds of thousands of charging points worldwide.
The audit was mandated by @ostifofficial.bsky.social 🙏
blog.quarkslab.com/everest-secu...
The audit was mandated by @ostifofficial.bsky.social 🙏
blog.quarkslab.com/everest-secu...
Having previously undergone an OSTIF security audit in 2022, Cloud Native Computing Foundation (CNCF) project CRI-O received another review in late 2025. Security auditing was performed by X41 D-Sec GmbH, and their report is available to read on our blog: ostif.org/cri-o-audit-...
January 13, 2026 at 7:27 PM
Having previously undergone an OSTIF security audit in 2022, Cloud Native Computing Foundation (CNCF) project CRI-O received another review in late 2025. Security auditing was performed by X41 D-Sec GmbH, and their report is available to read on our blog: ostif.org/cri-o-audit-...
Releasing today is our security audit of Internet Systems Consortium's Kea project. The project received holistic security improvements and recommendations from Ada Logics. Read more about the work performed and results to the project at our blog: ostif.org/kea-security...
January 12, 2026 at 4:12 PM
Releasing today is our security audit of Internet Systems Consortium's Kea project. The project received holistic security improvements and recommendations from Ada Logics. Read more about the work performed and results to the project at our blog: ostif.org/kea-security...
OSTIF is proud to announce our membership in the Open Policy Alliance, an organization dedicated to the uplifting of open source in public knowledge and understanding! Excited to be involved in the Open Source Initiative's advocacy. Ready about it at the press release: ostif.org/ostif-joins-...
January 9, 2026 at 3:38 PM
OSTIF is proud to announce our membership in the Open Policy Alliance, an organization dedicated to the uplifting of open source in public knowledge and understanding! Excited to be involved in the Open Source Initiative's advocacy. Ready about it at the press release: ostif.org/ostif-joins-...
Reposted
Sorry for the hiccup with our tag in the previous post! Our thanks again to @ostifofficial.bsky.social for their help with this important audit, which you can again read about in our blog post:
blog.thunderbird.net/2025/12/thun...
blog.thunderbird.net/2025/12/thun...
Thunderbird Send Security Audit with OSTIF and 7ASecurity - The Thunderbird Blog
As we get ready for the Thunderbird Pro launch, we want every service we offer to be secure and worthy of the trust our community places in us. That means being honest about where we stand today and t...
blog.thunderbird.net
December 10, 2025 at 5:06 PM
Sorry for the hiccup with our tag in the previous post! Our thanks again to @ostifofficial.bsky.social for their help with this important audit, which you can again read about in our blog post:
blog.thunderbird.net/2025/12/thun...
blog.thunderbird.net/2025/12/thun...
Reposted
We are building tech you can trust.
Thank you to @ostifofficial.bsky.social and 7A Security for their collaboration on the security audit for Thunderbird Send, our end-to-end encrypted file transfer service (coming to everyone soon, open source now).
blog.thunderbird.net/2025/12/thun...
Thank you to @ostifofficial.bsky.social and 7A Security for their collaboration on the security audit for Thunderbird Send, our end-to-end encrypted file transfer service (coming to everyone soon, open source now).
blog.thunderbird.net/2025/12/thun...
Thunderbird Send Security Audit with OSTIF and 7ASecurity - The Thunderbird Blog
As we get ready for the Thunderbird Pro launch, we want every service we offer to be secure and worthy of the trust our community places in us. That means being honest about where we stand today and t...
blog.thunderbird.net
December 10, 2025 at 3:24 PM
We are building tech you can trust.
Thank you to @ostifofficial.bsky.social and 7A Security for their collaboration on the security audit for Thunderbird Send, our end-to-end encrypted file transfer service (coming to everyone soon, open source now).
blog.thunderbird.net/2025/12/thun...
Thank you to @ostifofficial.bsky.social and 7A Security for their collaboration on the security audit for Thunderbird Send, our end-to-end encrypted file transfer service (coming to everyone soon, open source now).
blog.thunderbird.net/2025/12/thun...
Miss last week's amazing audit meetup about OpenEXR from Shielder? Catch the video here www.youtube.com/watch?v=3PmW.... Make sure you attend the live events if you want to participate in the Q&A, as those aren't recorded!
Meetup 008: Security Source Code Audit of OpenEXR w/ Pietro Tirenna and Davide
YouTube video by Open Source Technology Improvement Fund (OSTIF)
www.youtube.com
December 9, 2025 at 4:41 PM
Miss last week's amazing audit meetup about OpenEXR from Shielder? Catch the video here www.youtube.com/watch?v=3PmW.... Make sure you attend the live events if you want to participate in the Q&A, as those aren't recorded!
OSTIF is proud to announce our audit of Mozilla Thunderbird-Send, with auditing by 7ASecurity. Not yet publicly released, this project will eventually be used in Mozilla email and web browsers. Read about the work done to prepare and harden this project at our blog: ostif.org/thunderbird-...
Thunderbird-Send Audit Complete! – OSTIF.org
ostif.org
December 9, 2025 at 3:30 PM
OSTIF is proud to announce our audit of Mozilla Thunderbird-Send, with auditing by 7ASecurity. Not yet publicly released, this project will eventually be used in Mozilla email and web browsers. Read about the work done to prepare and harden this project at our blog: ostif.org/thunderbird-...
Reposted
If you haven't met the OSTIF community and me, they have a special introduction for you.
Check out OSTIF's Meet the Community video to learn more about my professional experience and envisioned changes for the open source community.
Thanks to the OSTIF team for the great intro! shorturl.at/q9J8R
Check out OSTIF's Meet the Community video to learn more about my professional experience and envisioned changes for the open source community.
Thanks to the OSTIF team for the great intro! shorturl.at/q9J8R
OSTIF Meet the Community- Adam Shostack
Meet Adam Shostack, founder and Executive Director of Shostack and Associates! Shostack helped create the CVE. Now, he's an Emeritus member of the Advisory Board, fixed Autorun for hundreds of…
youtu.be
December 1, 2025 at 6:39 PM
If you haven't met the OSTIF community and me, they have a special introduction for you.
Check out OSTIF's Meet the Community video to learn more about my professional experience and envisioned changes for the open source community.
Thanks to the OSTIF team for the great intro! shorturl.at/q9J8R
Check out OSTIF's Meet the Community video to learn more about my professional experience and envisioned changes for the open source community.
Thanks to the OSTIF team for the great intro! shorturl.at/q9J8R
Reposted
cool folks doing cool stuff - do not miss out!
@shielder.com security researchers Davide and Pietro will be presenting on their audit of OpenEXR next Tuesday, 13:00 CST. Join to hear about how a team at the top of their game is auditing high-value targets used in a billion dollar industry.
RSVP here: luma.com/ir16fuig
RSVP here: luma.com/ir16fuig
Security Audit of OpenEXR · Luma
Description
Join security researchers Pietro and Davide from Shielder as they take us through a source code security audit of the Academy Software Foundation's…
luma.com
November 24, 2025 at 3:59 PM
cool folks doing cool stuff - do not miss out!
@shielder.com security researchers Davide and Pietro will be presenting on their audit of OpenEXR next Tuesday, 13:00 CST. Join to hear about how a team at the top of their game is auditing high-value targets used in a billion dollar industry.
RSVP here: luma.com/ir16fuig
RSVP here: luma.com/ir16fuig
Security Audit of OpenEXR · Luma
Description
Join security researchers Pietro and Davide from Shielder as they take us through a source code security audit of the Academy Software Foundation's…
luma.com
November 24, 2025 at 3:57 PM
@shielder.com security researchers Davide and Pietro will be presenting on their audit of OpenEXR next Tuesday, 13:00 CST. Join to hear about how a team at the top of their game is auditing high-value targets used in a billion dollar industry.
RSVP here: luma.com/ir16fuig
RSVP here: luma.com/ir16fuig
Reposted
I had the opportunity to meet up with members of the Open Source Technology Improvement Fund (OSTIF) where we discussed the benefits and tradeoffs of publishing threat models. Grateful to engage with this awesome community!
Check out the recording from the meetup! 👉 shorturl.at/6uKfu
Check out the recording from the meetup! 👉 shorturl.at/6uKfu
Meetup 007: Threat Modeling with Adam Shostack
Topic
Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source should take the lead.
Speaker
Adam Shostack…
youtu.be
November 21, 2025 at 4:15 PM
I had the opportunity to meet up with members of the Open Source Technology Improvement Fund (OSTIF) where we discussed the benefits and tradeoffs of publishing threat models. Grateful to engage with this awesome community!
Check out the recording from the meetup! 👉 shorturl.at/6uKfu
Check out the recording from the meetup! 👉 shorturl.at/6uKfu
Reposted
Quarkslab engineers Robin David, Mihail Kirov and Kaname just completed the first public security audit of Bitcoin Core, led by
@ostifofficial.bsky.social and funded by Brink.dev
Details on the blog post:
blog.quarkslab.com/bitcoin-core...
Congrats to developers for such software masterpiece !
@ostifofficial.bsky.social and funded by Brink.dev
Details on the blog post:
blog.quarkslab.com/bitcoin-core...
Congrats to developers for such software masterpiece !
Bitcoin Core audit - Quarkslab's blog
The Open Source Technology Improvement Fund, Inc. mandated Quarkslab to perform the first public security audit of Bitcoin core, the reference open-source implementation of the Bitcoin decentralized p...
blog.quarkslab.com
November 19, 2025 at 3:40 PM
Quarkslab engineers Robin David, Mihail Kirov and Kaname just completed the first public security audit of Bitcoin Core, led by
@ostifofficial.bsky.social and funded by Brink.dev
Details on the blog post:
blog.quarkslab.com/bitcoin-core...
Congrats to developers for such software masterpiece !
@ostifofficial.bsky.social and funded by Brink.dev
Details on the blog post:
blog.quarkslab.com/bitcoin-core...
Congrats to developers for such software masterpiece !
We've been a bit excited about this one.
We are excited and honored to have partnered with Bitcoin, brink, Chaincode Labs, and @quarkslab.bsky.social to collaborate on a security audit of Bitcoin Core. This was Bitcoin Core's first external audit.
Read more at our blog: ostif.org/bitcoin-core...
We are excited and honored to have partnered with Bitcoin, brink, Chaincode Labs, and @quarkslab.bsky.social to collaborate on a security audit of Bitcoin Core. This was Bitcoin Core's first external audit.
Read more at our blog: ostif.org/bitcoin-core...
Bitcoin Core Audit Complete! – OSTIF.org
ostif.org
November 19, 2025 at 3:32 PM
We've been a bit excited about this one.
We are excited and honored to have partnered with Bitcoin, brink, Chaincode Labs, and @quarkslab.bsky.social to collaborate on a security audit of Bitcoin Core. This was Bitcoin Core's first external audit.
Read more at our blog: ostif.org/bitcoin-core...
We are excited and honored to have partnered with Bitcoin, brink, Chaincode Labs, and @quarkslab.bsky.social to collaborate on a security audit of Bitcoin Core. This was Bitcoin Core's first external audit.
Read more at our blog: ostif.org/bitcoin-core...
Reposted
We are pleased to announce that the KubeVirt Security Audit report has been published, in collaboration with @quarkslab.bsky.social and @ostifofficial.bsky.social
Check out our blog post for all the details: kubevirt.io/2025/Announc...
Check out our blog post for all the details: kubevirt.io/2025/Announc...
Announcing the results of our Security Audit | KubeVirt.io
As part of our application to Graduate, KubeVirt has a security audit performed by a third-party, organised through the CNCF and OSTIF.
kubevirt.io
November 12, 2025 at 8:22 AM
We are pleased to announce that the KubeVirt Security Audit report has been published, in collaboration with @quarkslab.bsky.social and @ostifofficial.bsky.social
Check out our blog post for all the details: kubevirt.io/2025/Announc...
Check out our blog post for all the details: kubevirt.io/2025/Announc...
Reposted
#KubeCon day 1 keynotes: Amir Montaziry from @ostifofficial.bsky.social talking about securing open source projects and an update on the @kubernetes.io audit which I helped out with along with @iainsmart.bsky.social
November 11, 2025 at 2:46 PM
#KubeCon day 1 keynotes: Amir Montaziry from @ostifofficial.bsky.social talking about securing open source projects and an update on the @kubernetes.io audit which I helped out with along with @iainsmart.bsky.social
OSTIF is proud to announce that our audit of @kubevirt.bsky.social is now public! This would not be possible without the contributions of Quarkslab and the Cloud Native Computing Foundation. Read about the work on our blog: ostif.org/kubevirt-aud...
KubeVirt Audit is Complete! – OSTIF.org
ostif.org
November 7, 2025 at 3:53 PM
OSTIF is proud to announce that our audit of @kubevirt.bsky.social is now public! This would not be possible without the contributions of Quarkslab and the Cloud Native Computing Foundation. Read about the work on our blog: ostif.org/kubevirt-aud...
Amir and Derek present Reflections on 10 Years: Celebrating the Open Source Technology Improvement Fund next Thursday, November 6th 13:00 CST. Hear our friends and collaborators in discussion with us about our past, present, and future.
RSVP here: luma.com/nudnh5sv
RSVP here: luma.com/nudnh5sv
Reflections on 10 Years w/ OSTIF · Luma
Description
The Open Source Technology Improvement Fund is celebrating its 10th year, and we're spilling our secrets to the community! Come learn about our…
luma.com
October 30, 2025 at 5:54 PM
Amir and Derek present Reflections on 10 Years: Celebrating the Open Source Technology Improvement Fund next Thursday, November 6th 13:00 CST. Hear our friends and collaborators in discussion with us about our past, present, and future.
RSVP here: luma.com/nudnh5sv
RSVP here: luma.com/nudnh5sv