Nivenly Fediverse Security Fund

Security bounty fund to sponsor contributors who responsibly disclose security vulnerabilities in popular open source Fediverse software.

Background

Software inevitably has security vulnerabilities, and software for the Fediverse is no exception. Closing these vulnerabilities provides a safer, more trustworthy experience for citizens of the Fediverse. To that end, Nivenly is launching a time-and-funds-limited experimental security bounty fund to sponsor contributors who close serious security flaws in popular open source Fediverse software. As a secondary goal, we want to use this fund to help project maintainers grow their circle of contributors.

The Fund

Individual researchers or contributors who identify, or contribute a patch for, a vulnerability with a high or critical CVSS score in Fediverse software will receive a one-time sponsorship from the Fund:

  • High (CVSS 7.0 - 8.9) – $250 USD
  • Critical (CVSS 9.0 - 10.0) – $500 USD

Since this is a new program and we want to gather data about how contributors will engage with it, the Fund will allocate a maximum of $5,000 USD between April 1, 2025 and September 30, 2025. Shortly before the conclusion of the experiment, Nivenly will hold a member vote to determine whether to continue the program and to establish a longer-term committee to steward and maintain it.

During the experiment, a single contributor is limited to a maximum payout of $1,000 USD. Payment processing fees do not count towards an individual’s maximum payout.

More information on the Fediverse Security Fund program.

Questions?

If you have any questions or requests to add new Fediverse software, let’s chat at nivenly/community.

Last modified May 16, 2025: Additions to FAQs (#24) (521a247)