
By OSTIF Marketing and Community Manager Helen Woeste
Sourcing funding is one of the biggest challenges Open Source Technology Improvement Fund (OSTIF) faces as a non-profit, and our relationship with Alpha-Omega has positively changed our output and reach to help open source projects improve their security.
Working in partnership with Alpha-Omega, OSTIF has generated security outcomes for OpenSSL and Eclipse Foundation projects Jetty, EquinoxP2, CycloneDDS, Temurin, Kuksa, Mosquitto, and JKube. Over the past two years, our work together has resulted in over 100 findings fixed across 8 different projects, including 11 Critical/High issues. This association between open source security organizations has had influential results for the whole of the community, while remaining lightweight on maintainers and Alpha-Omega stakeholders. Individuals can focus on their day-to-day roles, while still contributing to our audit teams’ development of effective reports that result in actionable, positive changes to security.
So far this year, OSTIF has:
- Released our 2024 Annual Report
- Published 15 audits
  - 132 Findings with Security Impact
    - 10 Critical/High
    - 26 Medium
    - 96 Low/Informational
- Celebrated our 10 Year Anniversary
- Hosted 4 Meetups
  - We’re growing our community: sign up to present your open source security work!
  - Watch previous meetups on our YouTube
- Attended Alpha-Omega Roundtable in Denver at the Open Source Summit North America
- Attended FOSDEM in Brussels and StateofOpenCon in London
These figures and milestones are remarkable and exciting considering the first half of the year is usually our slow season. Providing projects with the resources necessary to engage high-quality security work throughout the year is a priority of ours as we move into our next 10 years. Foundations and governments are limited by budget approvals during the fiscal year, but organizations like Alpha-Omega are a huge reason why OSTIF’s work is able to happen consistently year round, making it easier for open source projects to opt into security work at ideal points in their development cycles.
In 2025 we’ve provided security outcomes to five separate funders and millions of end users. There are multiple security engagements in the works funded by Alpha-Omega in collaboration with OSTIF to be released later this year. Additionally, we are in talks to further OSTIF and Alpha-Omega’s impact on the security ecosystem of open source in new and exciting ways. Follow Alpha-Omega and OSTIF on your preferred social media and stay up to date on our audit releases and more open source security coming out in 2025!
Visit ostif.org to learn more about our work and mission, and check out our Audit page to see the entirety of our body of work available publicly.
Author Bio
Helen is a Hoosier who spent her youth in West Lafayette and then Bloomington, Indiana, spending time in the latter earning her undergraduate degree in History from Indiana University. A month after graduation she moved to Chicago where she worked in hospitality and food service management, running a variety of enterprises from bakeries to high-end restaurants to a pasta food truck. In 2023, she transitioned into open source by accepting a position with OSTIF. She is grateful for the opportunity to work with a global community that prioritizes sharing free knowledge for the greater good.