The Soveriegn Tech Agency (STA), whose mission is to support Open Source Infrastructure, is seeking to commission the Open Source Technology Improvement Fund (OSTIF), Inc, and its partners to perform security audits of critical third-party FOSS Infrastructure projects and offer process improvements services to improve security posture. Security audits are crucial for critical open source infrastructure because they help identify and mitigate potential vulnerabilities and weaknesses in the software. By conducting security audits, critical open source software can proactively assess the security posture of their code and infrastructure and address any issues before they are exploited by malicious actors. These audits provide valuable insights into the overall security of the system, ensuring that it meets the highest standards and reducing the risk of security breaches. Additionally, security audits help build trust among users and industry by demonstrating a commitment to the security and integrity of the open source infrastructure. This assurance based approach complements and builds upon STA’s investments in securing Open Source infrastructure, particularly the Bug Resilience Project, STA’s preventative security program. OSTIF will execute security engagements for critical third-party FOSS infrastructure as determined by STA and the Managed Audit Program. Our proposed contracting structure would be a Master Services Agreement with particular audits requested via Statement of Work requested by STA. This will allow STA with the capacity for providing audits in collaboration with OSTIF as need arises to secure critical software infrastructure. For each audit, deliverables will come in the form of: Audit Reports, Vulnerability and Bug Fixes, and other associated Security Improvements made to the target projects.