For the past 4 years, OSTIF has run a Managed Audit Program for the CNCF. We’ve audited 33 projects in that time, working with maintainers all over the world to reinforce the security health of cloud native open source for billions of end users.
Security audits are an effective, sustainable method of securing open source projects. OSTIF audits of CNCF projects last year uncovered 112 findings with security impact, with a 97% fix rate overall and 100% fix rate for high and medium issues. Our security auditors identify and verify issues to present real bugs to the maintainers, then participate in the long-term work of providing support to fix current findings and tooling to address future ones.
Learn more about the security work accomplished as a result of this strategic alliance in the report linked below.
CNCF Managed Audit Program Report 2025 (PDF)