| DEfO |
April 2026 |
DEfO Audit Complete! |
|
| Stork |
March 2026 |
Stork Audit Complete! |
|
| zlib |
February 2026 |
zlib Audit Complete! |
|
| EVerest |
January 2026 |
EVerest Security Audit Complete! |
|
| CRI-O |
January 2026 |
CRI-O Audit Complete! |
|
| Kea |
January 2026 |
Kea Security Audit Complete! |
|
| Thunderbird Send |
December 2025 |
Thunderbird-Send Audit Complete! |
|
| 25 AI Projects |
December 2025 |
The Open Source AI Series: A security health check of 25 popular open source AI/LLM projects: Findings and lessons learned |
|
| bitcoin core |
November 2025 |
Bitcoin Core Audit Complete! |
|
| KubeVirt |
November 2025 |
KubeVirt Audit Complete! |
|
| GNU libmicrohttpd2 |
September 2025 |
libmicrohttpd2 Audit Complete! |
|
| OpenSSF Security Scorecard |
October 2025 |
OpenSSF Security Scorecard Audit Complete! |
|
| PHP Documentation |
September 2025 |
PHP Documentation Audit Complete! |
|
| OpenEXR |
July 2025 |
OpenEXR Audit Complete! |
|
| MaterialX |
July 2025 |
MaterialX Audit Complete! |
|
| PowSyBl |
July 2025 |
PowSyBl Audit Complete! |
|
| conda forge |
July 2025 |
Conda Forge Audit Complete! |
|
| Ruby on Rails |
June 2025 |
Ruby on Rails Audit Complete! |
|
| Volcano |
June 2025 |
Volcano Audit Complete! |
|
| Log4CXX and Log4Net |
June 2025 |
Log4CXX and Log4Net Audits Complete! |
|
| nghttp3 and ngtcp2 |
May 2025 |
nghttp3 and ngtcp2 Audits Complete! |
|
| NATS |
April 2025 |
NATS Audit Complete! |
|
| Istio ztunnel |
April 2025 |
Istio ztunnel Audit Complete! |
|
| PHP |
April 2025 |
PHP Audit Complete! |
|
| RSTUF |
March 2025 |
RSTUF Audit Complete! |
|
| Logback |
February 2025 |
Logback Audit Complete! |
|
| Linkerd |
February 2025 |
Linkerd Audit Complete! |
|
| HickoryDNS |
February 2025 |
HickoryDNS Audit Complete! |
|
| Notary Project Cryptography |
January 2025 |
Notary Project Cryptography Audit Complete! |
|
| Karmada |
January 2025 |
Karmada Audit Complete! |
|
| Backstage |
December 2024 |
Backstage Audit Complete! |
|
| Node.js Fuzzing |
October 2024 |
Node.js Fuzzing Audit Complete! |
|
| Express |
October 2024 |
Express Audit Complete! |
|
| OperatorFabric |
September 2024 |
OperatorFabric Audit Complete! |
|
| SEAPATH |
September 2024 |
SEAPATH Audit Complete! |
|
| LitmusChaos |
August 2024 |
LitmusChaos Audit Complete! |
|
| Fastify |
August 2024 |
Fastify Audit Complete! |
|
| Cloud Native Buildpacks |
July 2024 |
Cloud Native Buildpacks Audit Complete! |
|
| OpenTelemetry |
July 2024 |
OpenTelemetry Audit Complete! |
|
| Apache Commons |
July 2024 |
Apache Commons Audit Complete! |
|
| CycloneDDS |
June 2024 |
CycloneDDS Audit Complete! |
|
| Temurin |
June 2024 |
Temurin Audit Complete! |
|
| OpenSSL |
June 2024 |
OpenSSL Audit Complete! |
|
| Boost |
May 2024 |
Boost Audit Complete! |
|
| Kuksa |
May 2024 |
Kuksa Audit Complete! |
|
| Cloud Custodian |
April 2024 |
CloudCustodian Audit Complete! |
|
| Bref |
March 2024 |
bref Audit Complete! |
|
| cert-manager |
March 2024 |
cert-manager Audit Complete! |
|
| llvm |
March 2024 |
LLVM Audit Complete! |
|
| cURL HTTP/3 |
February 2024 |
cURL Audit Complete! |
|
| Jackson-Dataformats and Jackson-Datatypes |
February 2024 |
Audit of Jackson-Dataformats and Jackson-Datatypes Complete |
|
| php TUF |
January 2024 |
PHP-TUF Audit Complete! |
|
| Amazon Web Services & Eclipse Foundation Security Audit Impact Report |
Calendar Year 2023 |
Link to Post and Report |
|
| cubeFS |
January 2024 |
CubeFS Security Audit is Complete |
|
| 2023 CNCF Audit Impact Report |
Calendar Year 2023 |
2023 Cloud Native Computing Foundation Audit Impact Report |
|
| 50th Audit Milestone |
YTD |
50th Audit Milestone |
|
| 2023 Annual Report |
Calendar Year 2023 |
2023 OSTIF Annual Report |
|
| nvm |
December 2023 |
nvm Security Audit Complete |
|
| Knative |
November 2023 |
Knative Security Audit Complete |
|
| Kyverno |
November 2023 |
Kyverno Security Audit Complete |
|
| Mosquitto |
November 2023 |
The Buzz about Mosquitto ‘s Security Audit! |
|
| flux |
November 2023 |
In-Flux-ible on bugs- Flux undergoes Security Audit with OSTIF and Trail of Bits |
|
| rustVMM |
November 2023 |
RustVMM Security Audit with OSTIF is Complete! |
|
| Jetty |
October 2023 |
OSTIF Has Completed an Audit of Jetty! |
|
| wasmCloud |
October 2023 |
OSTIF Has Completed A Security Audit of wasmCloud! |
|
| OpenSearch |
September 2023 |
Bugs? Search Me!- OpenSearch Security Audit Completed! |
|
| JKube |
September 2023 |
jKube Security Audit Completed! |
|
| OSTIF's Security Expertise |
September 2023 |
View Here |
|
| Dragonfly |
September 2023 |
OSTIF’s Favorite Bug- DragonFly! |
|
| Dapr |
September 2023 |
Dampening Vulnerabilities in Dapr: Security Audit of Dapr |
|
| Envoy Proxy |
August 2023 |
OSTIF collaborates with the Envoy Team to further improve security posture. |
|
| Crossplane |
July 2023 |
OSTIF completes Security Audit of Crossplane-improved across the board! |
|
| Mozilla K-9 |
July 2023 |
OSTIF’s Security Audit of K-9 Mail is Complete! |
|
| Equinox p2 |
July 2023 |
OSTIF’s Audit of Equinox P2 is Complete! |
|
| libjpegturbo |
July 2023 |
Our Audit of libjpeg-turbo is Complete! |
|
| Notation |
July 2023 |
OSTIF’s Security Audit of Notation-duly Noted! |
|
| go-tuf |
June 2023 |
go-tuf on bugs! OSTIF’s audit of go-tuf! |
|
| Vitess |
May 2023 |
Our Audit of Vitess is Complete! |
|
| in-toto |
May 2023 |
Our Audit of in-toto is Complete! |
|
| C-ares |
May 2023 |
Our Audit of c-ares is Complete! |
|
| Libcap |
May 2023 |
Our Audit of Libcap is Complete! |
|
| SimpleJSON |
April 2023 |
Our Audit of SimpleJSON is Complete! |
|
| 2022 OSTIF Annual Report |
March 2023 |
The 2022 OSTIF Annual Report |
|
| Falco |
March 2023 |
Our Review of Falco is Complete! |
|
| 2022 CNCF Impact Report |
July 2022 - February 2023 |
The OSTIF Impact Report for the Cloud Native Computing Foundation |
|
| git Software Supply Chain Audit |
February 2023 |
Our Software Supply Chain Audit of Git for Windows is Complete! |
|
| Cilium |
February 2023 |
Our Audit of Cilium is Complete! |
|
| KEDA |
February 2023 |
Our Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete |
|
| Independent Security Audit Impact Report |
February 2023 |
The OSTIF Independent Security Audit Impact Report |
|
| Istio |
January 2023 |
The Audit of Istio is Complete! |
|
| Git |
January 2023 |
The Audit of Git is Complete! |
|
| cURL |
October 2022 |
Results of curl Security Audit. |
|
| CloudEvents |
September 2022 |
Results of the CloudEvents Security Assessment. |
|
| Jackson-Core and Jackson-Databind |
August 2022 |
Our Audits of Jackson-Core and Jackson-Databind are Complete. |
|
| Python-TUF |
September 2022 |
Our Audit of Python-TUF is Complete. Multiple Issues Found and Fixed. |
|
| Backstage |
April - August 2022 |
The OSTIF Audit of Backstage with X41 D-Sec is Complete! |
|
| CNCF Impact Report |
November 2021 - July 2022 |
The Cloud Native Computing Foundation and OSTIF Impact Report. |
|
| slf4j |
April 2022 |
Our Audit of SLF4J is Complete! |
|
| sigstore |
May 2022 |
Our Audit of sigstore is complete. High risk vulnerability found and fixed. |
|
| Argo |
April 2022 |
Our Audit of Argo is Complete. Critical and High Severity Issues Found and Fixed |
|
| KubeEdge |
July 2022 |
Our Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed |
|
| CRI-O |
June 2022 |
Our Audit of CRI-O is Complete. High Severity Issues Found and Fixed |
|
| Flux |
September 2021 |
Our Audit of Flux2 is Complete |
|
| Linux Kernel |
April 2021 |
A Review of the Linux Kernel’s Release Signing and Key Management Policies |
|
| Linux Kernel |
January 2021 |
A Review of the Linux Kernel’s Vulnerability Reporting and Remediation |
|
| COVID Shield |
October 2020 |
The Linux Foundation Public Health Initiative Sponsored the Audit of COVID Exposure Notification Apps. |
|
| COVID Green |
October 2020 |
The Linux Foundation Public Health Initiative Sponsored the Audit of COVID Exposure Notification Apps. |
|
| CLSAG |
July 2020 |
The OSTIF Audit of Monero CLSAG is Complete! |
|
| Unbound |
December 2019 |
Our Audit of Unbound DNS by X41 D-Sec |
|
| RandomX |
August 2019 |
Four Audits of RandomX for Monero and Arweave have been Completed |
|
| OpenSSL |
January 2019 |
The OSTIF and Quarkslab Audit of OpenSSL is Complete |
|
| Monero Bulletproofs |
October 2018 |
The QuarksLab and Kudelski Security audits of Monero Bulletproofs are Complete |
|
| Monero Bulletproofs |
July 2018 |
The QuarksLab and Kudelski Security audits of Monero Bulletproofs are Complete |
|
| OpenSSL PRNG |
September 2018 |
Our Review of the OpenSSL 1.1.1 Random Number Generation Update |
|
| OpenVPN |
May 2017 |
The OpenVPN 2.4.0 Audit by OSTIF and QuarksLab Results |
|
| Veracrypt |
October 2016 |
The VeraCrypt Audit Results |
|