Bug Bounties

We create bounties that will be paid out to anyone who finds a major security bug in any of our supported projects. These grants will incentivize the world to comb through the code of our projects and look for problems, dramatically improving the world's confidence in the integrity and security of the projects.

Professional Audits

We give grants to well-known professionals or organizations to audit code and look for bugs, clandestine back doors, or other errata that could compromise security. This adds another layer of oversight and integrity checking to reinforce the trust in all of our supported projects.

Direct Funding

We give grants to worthy projects to enable them to hire staff. This will facilitate code changes to implement bug fixes, and make improvements or upgrades to our supported projects, allowing them to advance in quality, features, or proper documentation of code at a much faster pace.

Latest News On OSTIF.org

The OSTIF Bug Bounty Program has Officially Begun

The OSTIF Bug Bounty Program has Officially Begun We are proud to announce that the pilot program for OSTIF bug bounties has started. This means that researchers around the world can now find application and security flaws in OpenVPN and VeraCrypt for monetary and career-building rewards. The maximum award for OpenVPN and VeraCrypt is a $5000

How to install a hidden Windows 7 Operating System with VeraCrypt

We have just posted our Windows 7 hidden operating system guide on YouTube here: https://www.youtube.com/watch?v=BFfl-YGsOGA In this guide, we show you how to create a VeraCrypt Windows 7 hidden operating system. This enables you to hide your operating system within an encrypted partition, creating data assurance for your OS and maximum privacy. VeraCrypt is powerful, free, open-source

OSTIF’s 2017 Open Books Have Been Updated

OSTIF's 2017 Open Books Have Been Updated Our commitment to keep our financial transactions fully transparent continues. We have updated our public books to current. You can view them here: https://docs.google.com/spreadsheets/d/1OqWBlNwk5be2c74cRlmYOdhLWPeCjCBAALxYCdMwIaM/ Our biggest items of note in 2017 so far are the donations and expenses related to the OpenVPN 2.4 fundraiser. You can view the results of the OpenVPN

The OpenVPN 2.4.0 Audit by OSTIF and QuarksLab Results

The OSTIF and QuarksLab audit of OpenVPN 2.4.0 has been completed, and this is the public release of the results. The quick and dirty: OpenVPN 2.4.0, the NDIS6 TAP Driver for Windows, the Windows GUI, and Linux versions were evaluated. This release included a number of new features including control channel encryption. QuarksLab found: 1 Critical/High Vulnerability CVE-2017-7478 1

The Audit of OpenVPN is Complete

The Audit of OpenVPN is Complete We have confirmed with QuarksLab that the security review of OpenVPN 2.4.0 is complete, and that they are now documenting the results. The process will then proceed as follows: QuarksLab will securely give these results to the OpenVPN security team on April 7th. The OpenVPN team will review the results and create

OSTIF’s 2017 Books Have Been Updated

Open Source Technology Improvement Fund's Open Books for 2017 We have been late to the party on updating our open books for 2017. I have gone through and updated them finally today. https://docs.google.com/spreadsheets/d/1OqWBlNwk5be2c74cRlmYOdhLWPeCjCBAALxYCdMwIaM The big items of note: -The OpenVPN Fundraiser has concluded and we beat our goals by a comfortable margin. These excess funds are being reserved

OSTIF Financial Report for FY2016

2015 and 2016 financial report for the Open Source Technology Improvement Fund, Inc. 2016 was a year of rapid growth for OSTIF. We've met or exceeded all of our goals and have two major successes under our belts, the fundraising and auditing of VeraCrypt 1.18 and the fundraising and auditing of OpenVPN 2.4. This document is

The OpenVPN Audit Begins February 15th 2017

The OpenVPN Audit Begins February 15th 2017 The OpenVPN audit is going to be carried out as planned by QuarksLab's Gabriel Campana and Jean-Baptiste Bedrune on February 15th 2017. There will be 90 man-days of work completed throughout this audit and it will take approximately 45 days to complete. During this time period, we will work with

T-Shirts are being ordered next week!

After our successful fundraiser for OpenVPN, we are now moving forward with getting shirts for our supporters printed and shipped out. You can see the designs here. We have sent emails out to our individual contributors that have made qualifying donations already. Check your emails! Some of you donated through anonymous methods where we could not