Open Technology Fund (OTF) recently completed a security audit of Hypha. Hypha is an OTF project that has been developed internally by OTF and community partners for several years, and is an open source submission management platform used by OTF and several other organizations to receive and manage applications for funding. Since its inception, transparency, security, and trust have been core components of what has driven Hypha development. The audit was conducted through OTF’s Red Team Lab, which focuses on improving the software security of tools and technologies by ensuring that code, data, and people behind the tools have what they need to create a safer experience for people experiencing repressive information controls online. The audit was conducted by OTF service partner Radically Open Security.
Privacy and security are crucially important to OTF and the community we serve, and improving the sustainability of open source software is a core component of OTF’s work. OTF sought the audit to assess the security of Hypha by finding vulnerabilities and resolving them, to ensure the continued safety and security of OTF applicants. The audit was conducted via a penetration test between August 4 and August 23, 2021, with patching of any critical issues carried out immediately after the test’s conclusion.
OTF worked with Combonetwork Development and Remote Inning to resolve critical issues within a few weeks after the test’s conclusion. Other findings have also been resolved. OTF is progressively implementing security enhancements that were suggested by Radically Open Security and will continue developing improved and new security measures before the end of this year.
The full audit is available here: https://www.hypha.app/reports/Radically_Open_Security_2021_Hypha.pdf.