ostifofficial.bsky.social
@ostifofficial.bsky.social
Reposted
I had the opportunity to meet up with members of the Open Source Technology Improvement Fund (OSTIF) where we discussed the benefits and tradeoffs of publishing threat models. Grateful to engage with this awesome community!

Check out the recording from the meetup! 👉 shorturl.at/6uKfu
Meetup 007: Threat Modeling with Adam Shostack
Topic ​Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source should take the lead. Speaker ​Adam Shostack…
youtu.be
November 21, 2025 at 4:15 PM
Reposted
Quarkslab engineers Robin David, Mihail Kirov and Kaname just completed the first public security audit of Bitcoin Core, led by
@ostifofficial.bsky.social and funded by Brink.dev

Details on the blog post:
blog.quarkslab.com/bitcoin-core...
Congrats to the developers for such a software masterpiece!
Bitcoin Core audit - Quarkslab's blog
The Open Source Technology Improvement Fund, Inc. mandated Quarkslab to perform the first public security audit of Bitcoin core, the reference open-source implementation of the Bitcoin decentralized p...
blog.quarkslab.com
November 19, 2025 at 3:40 PM
We've been a bit excited about this one.
We are excited and honored to have partnered with Bitcoin, brink, Chaincode Labs, and @quarkslab.bsky.social to collaborate on a security audit of Bitcoin Core. This was Bitcoin Core's first external audit.
Read more at our blog: ostif.org/bitcoin-core...
Bitcoin Core Audit Complete! – OSTIF.org
ostif.org
November 19, 2025 at 3:32 PM
Reposted
We are pleased to announce that the KubeVirt Security Audit report has been published, in collaboration with @quarkslab.bsky.social and @ostifofficial.bsky.social

Check out our blog post for all the details: kubevirt.io/2025/Announc...
Announcing the results of our Security Audit | KubeVirt.io
As part of our application to Graduate, KubeVirt has a security audit performed by a third-party, organised through the CNCF and OSTIF.
kubevirt.io
November 12, 2025 at 8:22 AM
Reposted
#KubeCon day 1 keynotes: Amir Montaziry from @ostifofficial.bsky.social talking about securing open source projects and an update on the @kubernetes.io audit which I helped out with along with @iainsmart.bsky.social
November 11, 2025 at 2:46 PM
OSTIF is proud to announce that our audit of @kubevirt.bsky.social is now public! This would not be possible without the contributions of Quarkslab and the Cloud Native Computing Foundation. Read about the work on our blog: ostif.org/kubevirt-aud...
KubeVirt Audit is Complete! – OSTIF.org
ostif.org
November 7, 2025 at 3:53 PM
Amir and Derek present Reflections on 10 Years: Celebrating the Open Source Technology Improvement Fund next Thursday, November 6th 13:00 CST. Hear our friends and collaborators in discussion with us about our past, present, and future.

RSVP here: luma.com/nudnh5sv
Reflections on 10 Years w/ OSTIF · Luma
Description The Open Source Technology Improvement Fund is celebrating its 10th year, and we're spilling our secrets to the community! Come learn about our…
luma.com
October 30, 2025 at 5:54 PM
Boo! Publish your threat models! 👻 Does that scare you?

Join us Wednesday, Oct 29th at 14:00 CT with @adamshostack.bsky.social, who will be presenting on why transparency isn't something to be frightened of.
RSVP to add straight to your calendar: luma.com/6fvp6orm
Threat Modeling w/ Adam Shostack · Zoom · Luma
Description Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source…
luma.com
October 27, 2025 at 5:16 PM
Reposted
Should we publish our threat models?

I explore a different lens with OSTIF for how transparency can benefit everyone.

Oct 29, 14:00 CT 👉 luma.com/6fvp6orm
October 27, 2025 at 5:00 PM
On November 6th at 13:00 CST, we are hosting "Reflections on 10 Years with OSTIF." Not just a reflection, this is a summation of our past, present, and future. RSVP to tell us your OSTIF experience, join in the celebration, or just to see what special guests we have joining: luma.com/nudnh5sv
October 17, 2025 at 4:14 PM
This week's blog is "OSTIF's Strategy Plan". No holds barred, it's complete transparency of what our goals for the next 3-5 years are. If you've got 5 minutes to spare on this autumn Friday, you'll be caught up: ostif.org/ostifs-strat...
OSTIF’s Strategy Plan – OSTIF.org
ostif.org
October 17, 2025 at 4:12 PM
Reposted
The @ostifofficial.bsky.social recently completed a security audit of #OpenSSFScorecard.

With support from the OpenSSF, this audit covered five core repositories and included threat modelling, manual code review, and fuzz testing.

Read to learn more: 🔗 openssf.org/blog/2025/10...
October 10, 2025 at 5:42 PM
Reposted
Publish your threat models!

Not convinced?

I'll be hosting a talk with OSTIF on Oct 29 @ 2pm CT for you to ask me questions.

Register now and have your questions, thoughts, and comments ready!

luma.com/6fvp6orm
October 13, 2025 at 7:56 PM
Join us October 29th at 14:00 CST for a meetup with @adamshostack.bsky.social!

RSVP here: luma.com/6fvp6orm

First Adam will present on threat models (he literally wrote *the* book on the subject) and a Q&A portion will follow. We look forward to him and our community connecting!
October 9, 2025 at 5:13 PM
Reposted
🆕 🔐 Cybersecurity isn’t just for CISOs—every leader must frame cyber risk as business risk.

LF’s Executive Education equips senior leaders to:
🔹 Turn risk into advantage
🔹 Build resilient teams
🔹 Leverage emerging tech

apply now 👉 training.linuxfoundation.org/training/lfe...

#CyberRisk
Cybersecurity Strategy & Risk Management for Executives
This series helps leaders turn cyber risks into business strategy, driving growth, innovation, and resilience.
training.linuxfoundation.org
October 2, 2025 at 4:31 PM
Duck, duck...goose (eggs)!

OSTIF is honored to be a five-time recipient of DuckDuckGo's Charitable Donations Program. Read about this donation and its impact on us at our blog: ostif.org/five-years-d...
OSTIF Receives a Fifth Yearly Donation from DuckDuckGo! – OSTIF.org
ostif.org
October 1, 2025 at 5:04 PM
We've got a GNU audit for you!
GNU libmicrohttpd2 was audited thanks to @sovereign.tech and ADA Logics. The library underwent a threat modeling practice, fuzzing improvements, and a small cryptography review. Read about it on our blog: ostif.org/gnu-libmicro...
GNU libmicrohttpd2 Audit Complete! – OSTIF.org
ostif.org
September 30, 2025 at 7:01 PM
We're baaaccckkkkk...
and this time, we have @adamshostack.bsky.social!
Join us next month, Oct 29th 14:00 CST, for a meetup on threat modeling: developing them, using them, and publishing them. RSVP to attend: luma.com/6fvp6orm
September 25, 2025 at 7:05 PM
Reposted
RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀
In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇
blog.quarkslab.com/security-rev...
Security review of PHP documentation - Quarkslab's blog
The Open Source Technology Improvement Fund, Inc., engaged with Quarkslab to perform a security audit of the code snippets in the English version of PHP documentation, focused on some specific pages.
blog.quarkslab.com
September 22, 2025 at 3:51 PM
Join us in celebrating our first Community Spotlight honorees, David Korczynski and Adam Korczynski! Learn more about these brothers and business partners in our Community Spotlight post: ostif.org/001-2025-com...
September 12, 2025 at 1:29 PM
Start your workweek with a bit of rumination and OSTIF's latest blog post: "Open Source Summit and OpenSSF Community Day EU 2025 Reflection" ostif.org/ossummit-com...
Open Source Summit and OpenSSF Community Days EU 2025 Reflection – OSTIF.org
ostif.org
September 8, 2025 at 12:54 PM
@openssf.org Community Day aka the big day for us! Amir will be participating in a tabletop exercise at 15:40 and Helen will be speaking on our audit of RSTUF at 10:50. Check out the rest of the schedule here: events.linuxfoundation.org/openssf-comm...
Schedule | LF Events
View the SOSS Community Day North America 2024 Schedule & Speakers.
events.linuxfoundation.org
August 28, 2025 at 7:16 AM
Bridging the gap between open source project security and foundations - it's what we do.

"The Bridge to Improving Security: How OSTIF Helps Foundations" is live now on our blog: ostif.org/ostif-helps-...
The Bridge to Improving Security: How OSTIF Helps Foundations – OSTIF.org
ostif.org
August 18, 2025 at 6:26 PM
Thank you to the @openssf.org for the opportunity to chat about our work and mission on "What's in the SOSS?" Listen on your preferred podcasting app: openssf.org/podcast/2025...
What’s in the SOSS? Podcast #37 – S2E14 Open Source Security: OSTIF’s 10-Year Journey of Collaborative Audits – Open Source Security Foundation
openssf.org
August 13, 2025 at 5:13 PM
Reposted
Our team recently completed three security audits of Permuto for @chia.net. You can read the full report, including our findings, here: leastauthority.com/blog/audit-o...
Chia Network - Permuto - Least Authority
Chia Network has requested that Least Authority perform security audits of Permuto.
leastauthority.com
August 7, 2025 at 5:33 PM