@ostifofficial.bsky.social
Reposted
openssf.org
The @ostifofficial.bsky.social recently completed a security audit of #OpenSSFScorecard.

With support from the OpenSSF, this audit covered five core repositories and included threat modelling, manual code review, and fuzz testing.

Read to learn more: 🔗 openssf.org/blog/2025/10...
Reposted
adamshostack.bsky.social
Publish your threat models!

Not convinced?

I'll be hosting a talk with OSTIF on Oct 29 @ 2pm CT for you to ask me questions.

Register now and have your questions, thoughts, and comments ready!

luma.com/6fvp6orm
Threat Modeling w/ Adam Shostack · Zoom · Luma
Description Publish your threat models! This talk will cover the idea of publishing threat models, the dangers associated with the idea, and why open source…
luma.com
ostifofficial.bsky.social
Join us October 29th at 14:00 CST for a meetup with @adamshostack.bsky.social!

RSVP here: luma.com/6fvp6orm

First Adam will present on threat models (he literally wrote *the* book on the subject) and a Q&A portion will follow. We look forward to him and our community connecting!
ostifofficial.bsky.social
yeah i can't even like this post about it bc it makes me so mad
Reposted
linuxfoundation.org
🆕 🔐 Cybersecurity isn’t just for CISOs—every leader must frame cyber risk as business risk.

LF’s Executive Education equips senior leaders to:
🔹 Turn risk into advantage
🔹 Build resilient teams
🔹 Leverage emerging tech

apply now 👉 training.linuxfoundation.org/training/lfe...

#CyberRisk
Cybersecurity Strategy & Risk Management for Executives
This series helps leaders turn cyber risks into business strategy, driving growth, innovation, and resilience.
training.linuxfoundation.org
ostifofficial.bsky.social
Duck, duck...goose (eggs)!

OSTIF is honored to be a five time recipient of DuckDuckGo's Charitable Donations Program. Read about this donation and its impact on us at our blog: ostif.org/five-years-d...
OSTIF Receives a Fifth Yearly Donation from DuckDuckGo! – OSTIF.org
ostif.org
ostifofficial.bsky.social
We've got a GNU audit for you!
GNU libmicrohttpd2 was audited thanks to @sovereign.tech and ADA Logics. The library underwent a threat modeling practice, fuzzing improvements, and a small cryptography review. Read about it on our blog: ostif.org/gnu-libmicro...
GNU libmicrohttpd2 Audit Complete! – OSTIF.org
ostif.org
Reposted
quarkslab.bsky.social
RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀
In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇
blog.quarkslab.com/security-rev...
Security review of PHP documentation - Quarkslab's blog
The Open Source Technology Improvement Fund, Inc., engaged with Quarkslab to perform a security audit of the code snippets in the English version of PHP documentation, focused on some specific pages.
blog.quarkslab.com
ostifofficial.bsky.social
Join us in celebrating our first Community Spotlight honorees, David Korczynski and Adam Korczynski! Learn more about these brothers and business partners in our Community Spotlight post: ostif.org/001-2025-com...
ostifofficial.bsky.social
Start your workweek with a bit of rumination and OSTIF's latest blog post: "Open Source Summit and OpenSSF Community Day EU 2025 Reflection" ostif.org/ossummit-com...
Open Source Summit and OpenSSF Community Days EU 2025 Reflection – OSTIF.org
ostif.org
ostifofficial.bsky.social
@openssf.org Community Day aka the big day for us! Amir will be participating in a tabletop exercise at 15:40 and Helen will be speaking on our audit of RSTUF at 10:50. Check out the rest of the schedule here: events.linuxfoundation.org/openssf-comm...
Schedule | LF Events
View the SOSS Community Day North America 2024 Schedule & Speakers.
events.linuxfoundation.org
ostifofficial.bsky.social
Bridging the gap between open source project security and foundations - it's what we do.

"The Bridge to Improving Security: How OSTIF Helps Foundations" is live now on our blog: ostif.org/ostif-helps-...
The Bridge to Improving Security: How OSTIF Helps Foundations – OSTIF.org
ostif.org
Reposted
allthingsopen.bsky.social
We're thrilled to have Amir Montazery, Managing Director for @ostifofficial.bsky.social, presenting "Success Stories in Open Source: Third Party Security Audits" at #AllThingsOpen! 2025.allthingsopen.org/sessions/2-f...
ostifofficial.bsky.social
We thought it would be timely to make a statement about our involvement with and position re: @OpenForumEurope EU-STF report. Get our thoughts at the blog: ostif.org/eu-stf-and-o...
EU-STF and OSTIF – OSTIF.org
ostif.org
ostifofficial.bsky.social
Our Managing Director Amir will be speaking at the @aswf.io Open Source Days on Sunday! RSVP at sched.co/25j6n to hear about why "Security Audits Aren't Scary", and how renewable security efforts help projects, foundations, and the open source community!
Open Source Days 2025: Security Audits are Not Scary - Applying...
View more about this event at Open Source Days 2025
sched.co
ostifofficial.bsky.social
In partnership with @aswf.io, OSTIF and @shielder.com worked on audits of MaterialX and OpenEXR. Our deepest gratitude for this opportunity to work with incredible maintainers and cool projects such as these- read about them at our blogs: ostif.org/materialx-au..., ostif.org/openexr-audi...
Reposted
shielder.com
🚨 New Open Source Audit Alert! 🚨

Shielder, with @ostifofficial.bsky.social & ASWF audited OpenEXR and MaterialX:
🔍 11 issues found (1 critical, 3 still to be published)
✔️ Most fixed, others planned
🗣️ ndaprela @smaury.bsky.social @suidpit.bsky.social @thezero.org

Full details in the blog post ⬇️🧵
ostifofficial.bsky.social
It's possible- our audit of PowSyBl is complete!

Completed with auditing by Ada Logics and funding provided by @lfenergy.bsky.social, the work resulted in multiple holistic improvements to project security. Details at our blog: ostif.org/powsybl-audi...
PowSyBl Audit Complete! – OSTIF.org
ostif.org
ostifofficial.bsky.social
OSTIF, RSTUF, and X-41 D-Sec are presenting on the audit of RSTUF next month in Amsterdam at @openssf.org Community Day! RSVP to add our talk to your schedule at sched.co/25dGk
OpenSSF Community Day Europe 2025: Securing RSTUF To Secure Your Supply Cha...
View more about this event at OpenSSF Community Day Europe 2025
sched.co
ostifofficial.bsky.social
We “conda” believe it! In collaboration with 7ASecurity and @sovereign.tech, we carried out an audit of conda-forge. Read the details at our blog: ostif.org/conda-forge-...
conda-forge Audit Complete! – OSTIF.org
ostif.org
ostifofficial.bsky.social
Happy Anniversary to our audit of CycloneDDS! Released last year, this work was a collab with Alpha Omega, Eclipse Foundation, X41 D-Sec, and CycloneDDS maintainers with OSTIF to create security outcomes. Read the report and visit shareholder blogs at our own blog: ostif.org/cyclndds-aud...
CycloneDDS Audit Complete! – OSTIF.org
ostif.org
ostifofficial.bsky.social
Party on, OSTIF!
We toasted in our 10 year anniversary this weekend with a new employee, new merch, and fresh eyes on the next 10 years ahead (also: cheesecake pie). See some pics of the party and read about the rest of our anniversary plans at our blog: ostif.org/10yr-party/