The Open Source Technology Improvement Fund is proud to share the results of our security engagement on Developing ECH for OpenSSL (“DEfO”). With the help of @adalogics @7ASecurity and the @sovtechfund, this project received expert security review, testing, and custom documentation contributing to DEfO’s ongoing development and security. Read more about it on our blog:
While reflecting on our past 10 years, we revisited vulnerabilities discovered during OSTIF audits. As a result of our work, several hundred bugs a year are discovered on average. With that in mind, our Executive Director Derek Zimmer proposed a new program: a Bug of the Year trophy, given to the individual who finds the best bug published by OSTIF in a calendar year.
We are proud to announce our top 3 bugs of the year on our blog: https://ostif.org/bug-of-the-year-award-2025/
OSTIF is proud to share the results of our security audit of Stork.
Stork is an open source project developed by the Internet Systems Consortium (ISC) that acts as an administrative interface for monitoring, maintaining, and surveilling Kea servers.
With the help of 7ASecurity, this project received custom security testing, documentation, and tooling contributing to Stork’s ongoing security and development work.
Full post here: https://ostif.org/stork-audit-complete/
The Open Source Technology Improvement Fund is proud to share the results of our security audit of zlib.
Zlib is an open source lossless data-compression library for use on virtually any computer hardware and operating system.
Thanks to the efforts of @7asecurity and the Sovereign Tech Fund, this project underwent a holistic security review.
Read about the process and results here 👉 https://ostif.org/zlib-audit-complete/
OSTIF