Join us in celebrating our first Community Spotlight honorees, David Korczynski and Adam Korczynski! Learn more about these brothers and business partners in our Community Spotlight post: ostif.org/001-2025-com...

In partnership with @aswf.io, OSTIF and @shielder.com worked on audits of MaterialX and OpenEXR. Our deepest gratitude for this opportunity to work with incredible maintainers and cool projects such as these- read about them at our blogs: ostif.org/materialx-au..., ostif.org/openexr-audi...

Party on, OSTIF!
We toasted in our 10 year anniversary this weekend with a new employee, new merch, and fresh eyes on the next 10 years ahead (also: cheesecake pie). See some pics of the party and read about the rest of our anniversary plans at our blog: ostif.org/10yr-party/

We are erupting with excitement to share our audit of Volcano! This work was completed with support from @cncf.io and auditing done by Ada Logics. It resulted in improvements to fuzz testing and secure by design processes- read about those results and more at ostif.org/volcano-audi...

OSTIF is proud to share the results of our audit of Ruby on Rails. Completed with auditing by X41 D-Sec and engineering support provided by @gitlab.com, this work was possible with funding by the @sovereign.tech.
Read more about this audit at our blog: ostif.org/ruby-on-rail...

As OSTIF grows our presence in communities and offers an open platform for people through our meetups, it became more pressing to us as a team to create a Code of Conduct to set the expectation of behavior for those we interact with.
Read more about the Code: ostif.org/ostif-code-o...

We're pleased to announce the publication of our audits of nghttp3 and ngtcp2! Carried out by X41 D-Sec with funding by @sovereign.tech, the details are available at our blog: ostif.org/nghttp3-ngtc...

We are proud to share the results of our audit of NATS! The work was done in collaboration with @trailofbits.bsky.social , @synadia.bsky.social , and the @cncf.io - read more details at ostif.org/nats-audit-c...

OSTIF is proud to announce the publication of our audit of
@istio.io's ztunnel implementation. This work was done with the Istio product security working group, @trailofbits.bsky.social and the @cncf.io. Read about the results in our blog ostif.org/istio-ztunne...

We are so excited to announce the publication of our audit of PHP core! This work was made possible through a collaboration between OSTIF, @thephpf.bsky.social, and @quarkslab.bsky.social with funding provided by @sovereign.tech. For the report and further links, check out ostif.org/php-audit-co...

OSTIF is proud to share our 2024 Annual Report today, covering the 60 open source security engagements we directed last year.

lnkd.in/dZitiRB5 to read our quick intro before jumping in OR get right to it at lnkd.in/dgB7TAMZ (PDF warning)

Join us later this month on Feb 19th at 2PM CST (Chicago) for an OSTIF.org meetup with @nadim.computer Senior Applied Cryptography Auditor at Cure53, who will be presenting "Unmasking Cryptographic Risks: A Deep Dive into the Nym Audit".

RSVP at lu.ma/o2dasp0m

Full disclosure, mostly took pictures of food and the night skyline this past week but please believe Amir and Helen had a great time at @fosdem.bsky.social and @openuk.bsky.social #SOOCon25. I promise we met people and went to talks. See attached for proof.

Ship happens- and that's why security audits are an important part of security efforts. We facilitated work on #Karmada thanks to support from the @cncf.io and with auditing performed by @shielder.com. You can now sea the impact of an audit for yourself at ostif.org/karmada-audi...

Listen up! We are sharing the results of our audit of Backstage with Spotify Engineering, X41D-Sec, and @cncf.io. This second audit has been music to our ears, so read some notes at ostif.org/backstage-au.... Links to other blogs are included in our link for further reading.

So proud to be a four time recipient DuckDuckGo's Charitable Donations! Read about how this donation helps us at OSTIF at ostif.org/ddg-donation..., and consider supporting internet privacy this #GivingTuesday2024. The full list of firms honored is available at spreadprivacy.com/2024-duckduc...