Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits

In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collaborative, maintainer-centric security audits that help projects improve their security posture through expert third-party reviews, without creating fear or overwhelming developers.

Episode Chapters:

• 00:00 Introduction
• 00:22 Podcast Welcome
• 01:04 OSTIF Founders Introduction
• 02:31 OSTIF's Mission and Approach
• 05:28 Relationship Management and Expertise
• 08:01 Evolution of Security Engagement Methods
• 12:15 Making Security Audits Less Intimidating
• 18:00 Rapid Fire Questions
• 20:45 Closing, Call to Action

Episode links:

• Derek Zimmer LinkedIn page
• Amir Montezary LinkedIn page
• OSTIF (Open Source Technology Improvement Fund)
• Get involved with the OpenSSF
• Subscribe to the OpenSSF newsletter
• Follow the OpenSSF on LinkedIn
• Join us at OpenSSF Community Day Europe Aug 28, 2025