🎺 First phase of the Scala security audit is complete.
✅ No critical or major issues found
✅ All reported findings fixed
✅ Improvements shipped in Scala 3.3 LTS and upcoming 3.8
Huge thanks to @ostifofficial.bsky.social, @quarkslab.bsky.social & @sovereign.tech 💝
scala-lang.org/blog/2026/06...
The first part of the security audit funded by the Sovereign Tech Fund is done, no critical issues were found.
Releasing today is OSTIF's work on LLVM's BOLT binary scanner. Completed thanks to @quarkslab.bsky.social and @sovereign.tech, the BOLT scanner received custom work to extend its coverage further.
Read about the work and its implications at our blog: ostif.org/bolt-securit...
#OSTIF #llvm #BOLT
BOLT is a static analysis tool, part of the LLVM compiler infrastructure, used to verify compiler security hardening options have been applied on a binary.
Thanks to @ostifofficial.bsky.social we've worked since November 2025 to improve it. Check our progress here:
blog.quarkslab.com/extending-ll...
Good milestone for Inspektor Gadget: its first independent security audit is complete. Thanks to @ostifofficial.bsky.social, @cncf.io, and @inspektor-gadget.io for the transparency around the process and fixes.
techcommunity.microsoft.com/blog/Linuxan...
#Kubernetes #eBPF #OpenSource #Security
The AI Cyber Challenge (AIxCC) results are in and the work continues through new #OpenSSF projects like OSS-CRS and FuzzingBrain.
Read the blog by Helen Woeste (OSTIF):
openssf.org/blog/2026/05...
The Open Source Technology Improvement Fund (OSTIF) commissioned Quarkslab to extend the BOLT-based static binary analyser in LLVM to support additional compiler flags for security hardening. This wor...
See the whole blog and report at ostif.org/scala-audit-...
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Scala, executed by a team of 3 auditors from Quarkslab. We want to thank our own Derek Zimmer of OSTIF for advocating for this audit for a long time!
#OSTIF #Quarkslab #SovereignTechAgency #Scala
A lack of input sanitization on host header paths in Starlette leads to bypassing auth with a single character across a huge swath of Python LLM infrastructure.
Update to Starlette 1.0.1 as soon as possible and read more about this vulnerability on badhost.org
CNCF's Inspektor Gadget passes its first independent security audit by Shielder and OSTIF, with all findings patched in v0.50.1. See what they found.
During a security audit of vLLM managed by OSTIF.org, a bug was discovered through manual analysis by a senior security expert at X41 D-Sec.
#OSTIF #BadHost #vLLM #X41DSec
Scan your Starlette or FastAPI server for CVE-2026-48710 (BadHost): a critical auth bypass via Host header injection affecting MCP servers, LLM proxies, AI agent frameworks, and thousands of Python AS...