
OTF Conducts Security Audit of Hypha

Open Technology Fund (OTF) recently completed a security audit of Hypha. Hypha is an OTF project that has been developed internally by OTF and community partners for several years, and is an open source submission management platform used by OTF and several other organizations to receive and manage applications for funding. Since its inception, transparency, security, and trust have been core components of what has driven Hypha development. The audit was conducted through OTF’s Red Team Lab, which focuses on improving the software security of tools and technologies by ensuring that code, data, and people behind the tools have what they need to create a safer experience for people experiencing repressive information controls online. The audit was conducted by OTF service partner Radically Open Security.

Privacy and security are crucially important to OTF and the community we serve, and improving the sustainability of open source software is a core component of OTF’s work. OTF sought the audit to assess the security of Hypha, by finding vulnerabilities and resolving these issues to ensure the continued safety and security of OTF applicants. The audit was conducted via a penetration test between August 4 and August 23, 2021, with patching of any critical issues carried out immediately after the test’s conclusion.

OTF worked with Combonetwork Development and Remote Inning to resolve critical issues within a few weeks after the test’s conclusion. Other findings have also been resolved. OTF is progressively implementing security enhancements that were suggested by Radically Open Security and will continue developing improved and new security measures before the end of this year.

The full audit is available here:
