🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Continuous #fuzzing of Helm -- 4 CVEs, 38 fuzzers and OSS-Fuzz setup! Check out the full details in the blog post and accompanying report :)

We created a bridge to Fuzz Introspector data generated by OSS-Fuzz that you can use programmatically -- e.g. in a few lines of code find the most complex uncovered functions in a given project: fuzz-introspector.readthedocs.io/en/latest/oss-…

[NEWS from #KubeCon] CNCF fuzzing open source projects for security and reliability cncf.io/blog/2023/04/1…

I’m proud of the work and investment we do in improving the security of CNCF projects #kubecon #cloudnativecon

The Vitess Maintainer team is pleased to announce the results of a recent third-party security audit of the Vitess code base. vitess.io/blog/2023-06-0…

The #Vitess maintainer team has announced the results of its recent 3rd party security audit! No Critical issues were found during the audit 🎉 Learn more: cncf.io/blog/2023/06/0…

Curious about how a project on OSS-Fuzz is doing? Check out introspector.oss-fuzz.com ! This provides runtime/statically-reachable coverage stats for all supported (C/++,Python,Java) OSS-Fuzz projects, as well as a neat function database to search through.

Made a video on open source fuzzing introspection and how you can analyze the fuzzing set up of OSS-Fuzz projects using introspector.oss-fuzz.com -- youtu.be/RLoLfo2V2HI e.g. track coverage progress, find interesting targets and more!

[NEWS FROM #KUBECON] Learn about updates to #CNCF Fuzzing practices for 2023! Fuzzing is crucial for ensuring secure and reliable software 🔒 Recent updates include a new Fuzzing Handbook + 3 recent audits for #Dapr, #Kyverno + #Knative! Read more: cncf.io/blog/2023/11/0…

Excited to release a #CNCF #fuzzing handbook, focused on how to get started with fuzzing and includes an entire chapter on OSS-Fuzz and how to integrate open source projects for continuous fuzzing. Handbook available on GitHub: github.com/cncf/tag-secur…

We made a video introducing a recent OSS-Fuzz Visual Studio Code extension! Exciting new extension to help writing fuzzing harnesses for open source projects easier

The Kyverno project collaborated with ADA Logics OSTIF Official and CNCF to complete a comprehensive 3rd party security audit, and fix all issues found during the audit. cncf.io/blog/2023/12/0… #Kubernetes #Security

Security audit of Kyverno: CNCF Policy Engine -- details in the report. Holistic audit including #SLSA supply chain security assessment, #fuzzing by way of OSS-Fuzz, code review, threat modelling and more. Kudos to AdamKorcz for leading and thanks to Kyverno: CNCF Policy Engine OSTIF Official CNCF

Get the lowdown on Kyverno: CNCF Policy Engine's security audit by ADA Logics with support from CNCF and yours truly at ostif.org/kyverno-audit-…. What can we say, the work speaks for itself- but you gotta read to get the details!

Holistic security audit of Kyverno: CNCF Policy Engine : Supply Chain Security with #SLSA, #Fuzzing with OSS-Fuzz, Manual code review and Threat modelling! Full details in the report. Great collaboration with Kyverno: CNCF Policy Engine maintainers, OSTIF Official and CNCF

🔒 KnativeProject has completed a third-party security audit! Check out the highlights on the blog from AdamKorcz 👇 cncf.io/blog/2023/12/1…

KnativeProject security audit -- Verifiable provenance with #SLSA , #fuzzing with OSS-Fuzz and manual code auditing. Several interesting findings with full details in the accompanying report. Thanks to OSTIF Official and CNCF for the collaboration.

With ADA Logics and CNCF, OSTIF completed a security audit of KnativeProject- such a great engagement, well done to everyone! Find out what we're talking about at ostif.org/knative-audit-…

Our first audit in collaboration with Sovereign Tech Fund's Bug Resilience Program is now published! 5 Jackson subprojects underwent holistic security work via this engagement, with auditing by ADA Logics. Read more at ostif.org/dataformatsdat…

Happy to announce our #fuzzing work on #LLVM focused on continuous fuzzing by way of OSS-Fuzz -- LLVM is now the project with most lines covered of all OSS-Fuzz projects! Thanks to collaborators OSTIF Official and Sovereign Tech Fund Full report is available in adalogics.com/blog/llvm-fuzz…