Community post by Amir Montazery, OSTIF
We at OSTIF are excited to announce the 2023 Cloud Native Computing Foundation Audit Impact Report. This is the second year of the program between the two organizations, which combines funding and projects from the CNCF with OSTIF’s auditing resources to produce security engagements. Over the last two years, this collaboration has resulted in 24 completed security audits for open source projects.
This year 15 projects were audited, with two more finishing in early 2024. These engagements were customized and holistic, and resulted in over 200 findings with security impact. Furthermore, having completed a third-party security audit, nine of the 2023 projects graduated from the CNCF’s incubation program. As a team, OSTIF and the CNCF work with respected security firms to turn financing into quantifiably positive security work.
The successful collaboration between our two organizations would not be possible without the hard work of many open source individuals. We would like to thank the CNCF, the maintainers of the projects undertaken this year, and our audit teams for their contributions that made this year possible. Please take the opportunity to read the 2023 CNCF/OSTIF Audit Impact Report below and consider the efforts it took to make these incredible changes for open source security possible.