Open Source Technology Improvement Fund, Inc

The Open Source Technology Improvement Fund is a corporate non-profit dedicated to securing open source apps that we all depend on. Responsible for over 10,000 hours of coordinated work, 400+ patched vulnerabilities, and over 50 security engagements of critical open source projects, OSTIF is working toward being a leader in …

CPV: 72262000 Software development services, 73000000 Research and development services and related consultancy services
Place of execution:
Open Source Technology Improvement Fund, Inc
Awarding body:
Sovereign Tech Agency GmbH
Award number:

1. Buyer

1.1 Buyer

Official name : Sovereign Tech Agency GmbH

2. Procedure

2.1 Procedure

Title : Open Source Technology Improvement Fund, Inc
Description : The Open Source Technology Improvement Fund is a corporate non-profit dedicated to securing open source apps that we all depend on. Responsible for over 10,000 hours of coordinated work, 400+ patched vulnerabilities, and over 50 security engagements of critical open source projects, OSTIF is working toward being a leader in helping improve security in Open Source.
Procedure identifier : 22efa8de-5eae-4c12-a9a9-2d1b250f0ab7
Type of procedure : Negotiated without prior call for competition

2.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72262000 Software development services

2.1.4 General information

Legal basis :
Directive 2014/24/EU

5. Lot

5.1 Lot technical ID : LOT-0000

Title : Open Source Technology Improvement Fund, Inc
Description : The Sovereign Tech Agency (STA), whose mission is to support Open Source Infrastructure, is seeking to commission the Open Source Technology Improvement Fund (OSTIF), Inc, and its partners to perform security audits of critical third-party FOSS Infrastructure projects and offer process improvement services to improve security posture. Security audits are crucial for critical open source infrastructure because they help identify and mitigate potential vulnerabilities and weaknesses in the software. By conducting security audits, critical open source projects can proactively assess the security posture of their code and infrastructure and address any issues before they are exploited by malicious actors. These audits provide valuable insights into the overall security of the system, ensuring that it meets the highest standards and reducing the risk of security breaches. Additionally, security audits help build trust among users and industry by demonstrating a commitment to the security and integrity of the open source infrastructure. This assurance-based approach complements and builds upon STA’s investments in securing Open Source infrastructure, particularly the Bug Resilience Project, STA’s preventative security program. OSTIF will execute security engagements for critical third-party FOSS infrastructure as determined by STA and the Managed Audit Program. Our proposed contracting structure would be a Master Services Agreement with particular audits requested by STA via Statement of Work. This will give STA the capacity to provide audits in collaboration with OSTIF as the need arises to secure critical software infrastructure. For each audit, deliverables will come in the form of: Audit Reports, Vulnerability and Bug Fixes, and other associated Security Improvements made to the target projects.

5.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72262000 Software development services
Additional classification ( cpv ): 73000000 Research and development services and related consultancy services

5.1.2 Place of performance

Country : Germany
Additional information : DED52

5.1.6 General information

Procurement Project not financed with EU Funds.
The procurement is covered by the Government Procurement Agreement (GPA) : no

5.1.16 Further information, mediation and review

Review organisation : Die Vergabekammern der Bundes -

6. Results

Direct award :
Justification for direct award : Contracts with estimated value below the procurement thresholds
Other justification : As a research and development service, the contract is excluded from the scope of application of public procurement law (cf. Section 116 (1) No. 2 Act against Restraints on Competition).

6.1 Result lot identifier : LOT-0000

6.1.2 Information about winners

Winner :
Official name : Open Source Technology Improvement Fund, Inc
Tender :
Tender identifier : Angebot 1
Identifier of lot or group of lots : LOT-0000
Contract information :
Identifier of the contract : STF-23-30

8. Organisations

8.1 ORG-0001

Official name : Sovereign Tech Agency GmbH
Town : Berlin
Postcode : 10115
Country subdivision (NUTS) : Berlin ( DE300 )
Country : Germany
Contact point : Leo Lerch
Telephone : +49 30 208 88 1514
Roles of this organisation :
Buyer

8.1 ORG-0002

Official name : Open Source Technology Improvement Fund, Inc
Size of the economic operator : Micro, small, or medium
Town : Chicago
Postcode : IL 60606 (USA)
Country : United States
Roles of this organisation :
Tenderer
Winner of these lots : LOT-0000

8.1 ORG-0003

Official name : Die Vergabekammern der Bundes
Town : Bonn
Postcode : 53113
Country subdivision (NUTS) : Bonn, Kreisfreie Stadt ( DEA22 )
Country : Germany
Roles of this organisation :
Review organisation

8.1 ORG-0000

Official name : Publications Office of the European Union
Registration number : PUBL
Town : Luxembourg
Postcode : 2417
Country subdivision (NUTS) : Luxembourg ( LU000 )
Country : Luxembourg
Telephone : +352 29291
Internet address : https://op.europa.eu
Roles of this organisation :
TED eSender

10. Change

Version of the previous notice to be changed : 663007-2023
Main reason for change : Information updated

10.1 Change

Section identifier : RES-0001
Description of changes : The existing contract is to be extended to include additional security audits, which are to be carried out as work orders under the existing contract. Therefore, it is permissible here in any case to increase the original contract value by up to 50%; the contract term will be extended to December 31st 2025.
Notice information
Notice identifier/version : 73301301-bb16-4da0-a47f-eec9af5211cb - 01
Form type : Direct award preannouncement
Notice type : Voluntary ex-ante transparency notice
Notice dispatch date : 11/03/2025 13:25 +00:00
Languages in which this notice is officially available : English
Notice publication number : 00159257-2025
OJ S issue number : 50/2025
Publication date : 12/03/2025