Fediverse Security Fund

Software inevitably has security vulnerabilities, and software for the Fediverse is no exception. Closing these vulnerabilities provides a safer, more trustworthy experience for citizens of the Fediverse. To that end, Nivenly is launching a time-and-funds-limited experimental security bounty fund to sponsor contributors who close serious security flaws in popular open source Fediverse software. As a secondary goal, we want to use this fund to help project maintainers grow their circle of contributors.

Individual researchers or contributors who identify or contribute a patch for a high or critical CVSS score vulnerability in Fediverse software will receive a one-time sponsorship from the the Fund:

Since this is a new program and we want to gather data about how contributors will engage with it, the Fund will allocate a maximum of $5,000 USD between April 1, 2025 and the end of September 30, 2025. Shortly before the conclusion of the experiment, Nivenly will hold a member vote to a) determine if we want to continue the program and b) establish a longer-term committee to steward and maintain the program.

During the experiment, a single contributor is limited to a maximum payout of $1,000 USD.

Additional terms & conditions apply.