Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits
Aug 12, 2025
25:30
In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collaborative, maintainer-centric security audits: expert third-party reviews that help projects improve their security posture without instilling fear or overwhelming developers.
Episode Chapters:
- 00:00 Introduction
- 00:22 Podcast Welcome
- 01:04 OSTIF Founders Introduction
- 02:31 OSTIF's Mission and Approach
- 05:28 Relationship Management and Expertise
- 08:01 Evolution of Security Engagement Methods
- 12:15 Making Security Audits Less Intimidating
- 18:00 Rapid Fire Questions
- 20:45 Closing, Call to Action
Episode links: