Category: Software

17 articles

The Open Source Technology Improvement Fund, Inc, thanks to funding provided by Sovereign Tech Fund, engaged with Quarkslab to perform a security audit of PHP-SRC, the interpreter of the PHP language.

Date Tue 21 January 2025
Authors Dahmun Goudarzi, Sebastien Rolland, Ramtine Tofighi Shirazi
Category Software

The OSTIF engaged with Quarkslab to perform a security audit of the Notary project, focused on new features.

Date Wed 04 September 2024
Author Pentest Team
Category Software

Quarkslab was mandated by the Open Source Technology Improvement Fund, Inc. to proceed with the security assessment of the Operator Fabric project. The purpose of this assessment is to deliver an expert opinion of the security level reached by the application at a specific moment.

Date Tue 16 July 2024
Authors Mihail Kirov, Sébastien Rolland
Category Software

We performed a security assessment of Cloud Native Buildpacks to help improve it, in collaboration with Open Source Technology Improvement Fund, Inc .

Date Tue 21 May 2024
Authors Damien Aumaitre, Laurent Laubin, Madigan Lebreton, Victor Houal
Category Software

Eclipse KUKSA's committers, with support from Eclipse Foundation, engaged with Quarkslab to perform an audit of Kuksa, an open-source framework that provides shared building blocks for Software Defined Vehicles. The goal of the audit was to assist the Eclipse Kuksa committers to increase their security posture using static and dynamic analysis (fuzzing in particular) and was organized by Open Source Technology Improvement Fund, Inc and made possible by the founding Eclipse Foundation received from the Alpha-Omega project.

Date Tue 13 June 2023
Authors Dahmun Goudarzi, Damien Aumaitre, Ramtine Tofighi Shirazi
Category Software

Mithril Security engaged a collaboration with Quarkslab to perform an audit of the BlindAI-preview, now known as BlindAI Core, which is an open-source confidential computing solution for querying and deploying AI models while guaranteeing data privacy. The goal of the audit was to evaluate the BlindAI resiliency based on the definition of a threat model after a refresh on the latest state-of-the-art.

Date Wed 22 March 2023
Authors Laurent Laubin, Mahé Tardy
Category Software

Falco's maintainers, with support from Cloud Native Computing Foundation, engaged with Quarkslab to perform an audit of Falco, an open-source cloud-native runtime security tool. The goal of the audit was to assist the Falco maintainers to increase their security posture using static and dynamic analysis (fuzzing in particular) and was organized by Open Source Technology Improvement Fund, Inc.

Date Tue 31 August 2021
Authors Adrien Guinet, Romain Thomas
Category Software

This blog post introduces QBDL (QuarkslaB Dynamic Loader) as well as a use case which runs NVIDIA NGX SDK under Linux. You can take a look at the project on Github: https://github.com/quarkslab/QBDL .

Date Thu 29 April 2021
Authors Marwan Anastas, Charlie Boulo
Category Software

Oxen [1] mandated Quarkslab to perform an audit of their instant messaging solution Session [2]. This application, forked from Signal, aims to improve users privacy by using an onion routing mechanism [3]. This mechanism differs from Tor's one by requiring a deposit in their own cryptocurrency to operate a Service Node (Snode [4] ), the Oxen equivalent of a Tor Entry, Relay or Exit Node. While reviewing the architecture of this solution, we found some issues and provided recommendations to improve parts of the implementations.

Date Thu 28 May 2020
Authors Damien Aumaitre, Nicolas Surbayrole
Category Software

Ansible is an open-source software automating configuration management and software deployment. Ansible is used in Quarkslab to manage our infrastructure and in our product Irma. In order to have an idea of the security of Ansible, we conducted a security assessment. This blogpost presents our findings.