Achieving improved security in the open source ecosystem is more than a theoretical goal but a plausible reality as shown by the track record of nonprofit Open Source Technology Improvement Fund, Inc. Following a best practice of independent code review with a process specifically tailored to open source projects and communities, OSTIF has worked on over 100 security audits of projects ranging from git, cURL, kubernetes, php, sigstore, and has audit reports and numerous vulnerability fixings to demonstrate effectiveness.