Open Technology Fund Audit Report
21 Oct 2013 12:37:23 EST

Over the past year, iSEC Partners has worked with the Open Technology Fund on several of their supported projects, and I've been extremely fortunate to have a finger, arm, or whole body in each of the audits. Most of them were as an Account Manager (just helping arrange the audit between the project and some of our extremely talented consultants) but I also got to roll up my sleeves and pick on a couple myself.

If you haven't heard of OTF, they fund projects that develop open and accessible technologies promoting human rights and open societies. Some of the projects they support that we've been able to work on are Open Whisper Systems' RedPhone and TextSecure, Commotion, and GlobaLeaks, among others.

I also got to work on a followup of the Liberation Technology Auditing Guidelines I authored in the beginning of the year. In conjunction with the audits iSEC performed, I also helped OTF perform a review of their audit process. The goal of this review was to take a look at the breadth, scope, and coverage of security audits performed on OTF funded applications to date. I aimed to identify the strengths and shortcomings in OTF's current process and provide recommendations to improve the breadth of coverage and to derive greater value in the future. The report is (hopefully) applicable to both OTF and other funding agencies in the Liberation Technology and Civil Society communities, and I and iSEC hopes this work inspires more development and more integration between security professionals and project teams. OTF has published this review over on their website where you can take a look.

Add a comment...
required, hidden, gravatared

required, markdown enabled (help)
you type:you see:
[stolen from reddit!](http://reddit.com)stolen from reddit!
* item 1
* item 2
* item 3
  • item 1
  • item 2
  • item 3
> quoted text
quoted text
Lines starting with four spaces
are treated like code:

    if 1 * 2 < 3:
        print "hello, world!"
Lines starting with four spaces
are treated like code:
if 1 * 2 < 3:
    print "hello, world!"