A practice of ITECZ Solutions

We secure the open source the world runs on.

From cryptography and web servers to compilers, codecs and data engines — we find and fix vulnerabilities deep in the software supply chain, then upstream the fixes so everyone is safer. Real patches, merged into the projects the world depends on.

5,000+ PRs upstreamed
100+ Major projects
20+ Contributor accounts
1.8M★ Project reach

What we do

Security work, upstreamed

We don't just file reports — we ship the fix into the project, peer-reviewed and merged by maintainers.

Vulnerability discovery

Memory-safety bugs, parsing flaws, overflows and undefined behaviour in security-critical C/C++ code — found, triaged and reproduced.

Fuzzing & harnesses

Continuous fuzzing and new test harnesses — including work alongside Google's OSS-Fuzz — to surface defects before attackers do.

Upstream patches

Production-grade fixes submitted as pull requests and merged by maintainers — the fix lives in the project, not in a PDF.

Supply-chain hardening

Securing the dependencies your stack is built on — codecs, compression, crypto, networking and parsers used by millions.

Performance & correctness

Hardening that also makes code faster and more correct — patches across data engines, JSON parsers and image libraries.

Good open-source citizens

We work the way maintainers expect — clear reproducers, focused diffs, responsive review — building long-term trust upstream.

By ecosystem

Deep where it's hardest

Our work concentrates in low-level, security-critical C and C++ — the code most languages and applications quietly depend on.

C / C++ 458 contributions · 67 projects
Python 95 · 12 projects
Java 69 · 14 projects
JavaScript / TypeScript 49 · 16 projects
Rust 21 · 4 projects
Go 10 · 4 projects

Figures above are a verified sample audited live from a representative subset of our public contributor accounts: 737 pull requests · 306 merged · 129 repositories · ~1.8M combined stars. Program totals reflect 20+ contributor accounts.

Harden what you depend on.

Need a dependency audited, a project fuzzed, or vulnerabilities found and fixed upstream? Let's talk.
Want your own private code reviewed instead? That's our Secure Code Review practice.