Tag: software

23 articles
Date Tue 05 May 2026
Authors Dahmun Goudarzi, Julio Loayza Meneses
Category Cryptography

The OSTIF collaborated with Quarkslab to conduct a security audit of Paramiko, a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. Given the sensitivity and importance of the target, the review focused not only on Paramiko itself but also on its dependencies. The assessment covered its interaction with rust-openssl bindings, the use of secure entropy sources, adherence to constant-time requirements, as well as code quality, testing practices, and the CI/CD pipeline, with the goal of identifying opportunities for further hardening.

Date Tue 20 January 2026
Authors Sebastien Rolland, Philippe Azalbert
Category Automotive

Quarkslab performed the first public security audit of EVerest, an open-source project for EV charging stations hosted by LF Energy. The audit was mandated by the Open Source Technology Improvement Fund, Inc.

Date Wed 19 November 2025
Authors Robin David, Nicolas Surbayrole, Mihail Kirov
Category Blockchain

The Open Source Technology Improvement Fund, Inc. mandated Quarkslab to perform the first public security audit of Bitcoin Core, the reference open-source implementation of the Bitcoin decentralized protocol.

Date Fri 07 November 2025
Authors Mihail Kirov, Sebastien Rolland
Category Software

The Open Source Technology Improvement Fund, Inc., thanks to funding provided by Sovereign Tech Fund (STF), engaged with Quarkslab to perform a security audit of KubeVirt.

Date Mon 22 September 2025
Authors Mihail Kirov, Jacques Ricard, Ramtine Tofighi Shirazi
Category Software

The Open Source Technology Improvement Fund, Inc., engaged with Quarkslab to perform a security audit of the code snippets in the English version of PHP documentation, focused on some specific pages.


The Open Source Technology Improvement Fund, Inc., thanks to funding provided by Sovereign Tech Fund, engaged with Quarkslab to perform a security audit of PHP-SRC, the interpreter of the PHP language.

Date Tue 21 January 2025
Authors Dahmun Goudarzi, Sebastien Rolland, Ramtine Tofighi Shirazi
Category Software

The OSTIF engaged with Quarkslab to perform a security audit of the Notary project, focused on new features.

Date Wed 04 September 2024
Author Pentest Team
Category Software

Quarkslab was mandated by the Open Source Technology Improvement Fund, Inc. to proceed with the security assessment of the Operator Fabric project. The purpose of this assessment is to deliver an expert opinion of the security level reached by the application at a specific moment.

Date Tue 16 July 2024
Authors Mihail Kirov, Sébastien Rolland
Category Software

We performed a security assessment of Cloud Native Buildpacks to help improve it, in collaboration with Open Source Technology Improvement Fund, Inc.

Date Tue 21 May 2024
Authors Damien Aumaitre, Laurent Laubin, Madigan Lebreton, Victor Houal
Category Software

Eclipse KUKSA's committers, with support from Eclipse Foundation, engaged with Quarkslab to perform an audit of Kuksa, an open-source framework that provides shared building blocks for Software Defined Vehicles. The goal of the audit was to help the Eclipse Kuksa committers improve their security posture using static and dynamic analysis (fuzzing in particular). It was organized by Open Source Technology Improvement Fund, Inc. and made possible by the funding Eclipse Foundation received from the Alpha-Omega project.