We are excited to announce that #Dapr has concluded its 2023 security audit after a 3 month long joint collaboration with ADA Logics, the #CNCF and #OSTIF. The full report and findings are available publicly here.

https://www.cncf.io/blog/2023/09/06/dapr-completes-2023-security-audit-increasing-enterprise-confidence/

#AWS Teams with #OSTIF on #OpenSource #Security Audits

"Last year, AWS committed to investing $10 million over three years alongside the Open Source Security Foundation (OpenSSF) to fund supply chain security. AWS will be directly funding $500,000 to OSTIF as a portion of our ongoing initiative with OpenSSF."

https://aws.amazon.com/blogs/opensource/aws-teams-with-ostif-on-open-source-security-audits/

The OSTIF-sponsored git source code audit by X41+Gitlab is refreshingly brief without losing necessary technical detail. It's also quite aesthetically pleasing, which I've found helpful with my ADHD attention span.

I'm inspired. What are your favorite reports and whitepapers? I'll take both eloquent and eye-catching.

#Git patched two critical severity security #vulnerabilities that could allow attackers to execute arbitrary code (#RCE) after exploiting heap-based #bufferoverflow weakness. X41 & GitLab found the vulnerabilities as part of an audit sponsored by #OSTIF
https://bit.ly/3Xoalrc

#Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses.

Security experts from #X41 (Eric Sesterhenn and Markus Vervier) and #GitLab (Joern Schneeweisz) found these vulnerabilities as part of a security source code audit of Git sponsored by #OSTIF.

#cybersecurity #infosec #patching #appsec

https://www.bleepingcomputer.com/news/security/git-patches-two-critical-remote-code-execution-security-flaws/

#openssl version 1.1.1 code audit by #ostif and #quarkslab results in thumbs up. 👍 #tls13 https://ostif.org/the-ostif-and-quarkslab-audit-of-openssl-is-complete/