Tag: software

The Scala team has partnered with the Open Source Technology Improvement Fund (OSTIF) to conduct its first security audit. This initiative aims to identify potential vulnerabilities through static and dynamic analysis and provide greater confidence in Scala. The security audit conducted by Quarkslab is particularly focused on Scala 3.

The OSTIF collaborated with Quarkslab to conduct a security audit of Paramiko, a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. Given the sensitivity and importance of the target, the review focused not only on Paramiko itself but also on its dependencies. The assessment covered its interaction with rust-openssl bindings, the use of secure entropy sources, adherence to constant-time requirements, as well as code quality, testing practices, and the CI/CD pipeline, with the goal of identifying opportunities for further hardening.

Quarkslab performed the first public security audit of EVerest, an open-source project for EV charging stations hosted by LF Energy. The audit was mandated by the Open Source Technology Improvement Fund, Inc..

The Open Source Technology Improvement Fund, Inc. mandated Quarkslab to perform the first public security audit of Bitcoin core, the reference open-source implementation of the Bitcoin decentralized protocol.

The Open Source Technology Improvement Fund, Inc., thanks to funding provided by Sovereign Tech Fund (STF), engaged with Quarkslab to perform a security audit of KubeVirt.

The Open Source Technology Improvement Fund, Inc., engaged with Quarkslab to perform a security audit of the code snippets in the English version of PHP documentation, focused on some specific pages.

The Open Source Technology Improvement Fund, Inc, thanks to funding provided by Sovereign Tech Fund, engaged with Quarkslab to perform a security audit of PHP-SRC, the interpreter of the PHP language.

The OSTIF engaged with Quarkslab to perform a security audit of the Notary project, focused on new features.

Quarkslab was mandated by the Open Source Technology Improvement Fund, Inc. to proceed with the security assessment of the Operator Fabric project. The purpose of this assessment is to deliver an expert opinion of the security level reached by the application at a specific moment.

We performed a security assessment of Cloud Native Buildpacks to help improve it, in collaboration with Open Source Technology Improvement Fund, Inc .