Improving Security Posture of Critical FOSS Projects with Security Audits (froscon2024)

Chaos Computer Club - archive feed · Amir Montazery

August 18, 2024 · 47m 28s

Show Notes

The Open Source Technology Improvement Fund, Inc has organized and managed close to 100 security audits for critical open source projects since 2015. This session will go over the top types of vulnerabilities found and fixed in open source security audits, the top 5 lessons learned, and highlight common auditing mistakes and how to avoid them.

Security Audits are a proven and effective method for improving the security posture of Open Source Projects. The Open Source Technology Improvement Fund, Inc (ostif.org) has been a trusted partner for facilitating and managing security audits for critical open source projects since 2020, helping critical FOSS projects mature and improve. With recent funding from Sovereign Tech Fund, OSTIF wishes to share case studies of successful engagements.

About this event: https://programm.froscon.org/2024/events/3135.html

Topics

froscon2024, 3135, 2024, Security