Censorship is an increasing problem on the internet. As the technology to manipulate what users see on the web gets cheaper, more countries, ISPs, and service providers are amping up their ability to not only monitor what their users see, but to orchestrate what those users see and experience. We…
The Open Source Technology Improvement Fund is working with the Monero community to fund at least two (and probably three) audits of Monero RandomX. What is RandomX? RandomX is a project that implements a dynamic proof of work algorithm. The aim of an algorithm that changes is to make it…
OSTIF is Partnering with the Internet Bug Bounty and HackerOne for Bug Bounties! The Open Source Technology Improvement Fund will be partnering with the Internet Bug Bounty and HackerOne in a partnership that will get our supported projects listed on HackerOne with no overhead costs! HackerOne is the de-facto site…
OSTIF is Working with Monero Research Lab on Bulletproofs We are happy to announce that we have been working with the Monero project to help them locate auditing resources for Bulletproofs. This code review is to evaluate the safety of the implementation of Bulletproofs into Monero, which promises to dramatically…
Welcome to Private Internet Access for Becoming our First Platinum Sponsor! We are welcoming Private Internet Access to the OSTIF family, as they have became our first platinum sponsors. Their commitment to free and open software has been tremendous, first funding two OpenVPN code review projects and now the OpenSSL…
The OSTIF Bug Bounty Program has Officially Begun We are proud to announce that the pilot program for OSTIF bug bounties has started. This means that researchers around the world can now find application and security flaws in OpenVPN and VeraCrypt for monetary and career-building rewards. The maximum award for…
OpenVPN 2.4.0, the NDIS6 TAP Driver for Windows, the Windows GUI, and Linux versions were evaluated. This release included a number of new features including control channel encryption. QuarksLab found: 1 Critical/High Vulnerability CVE-2017-7478 1 Medium Vulnerability CVE-2017-7479 5 Low or Informational Vulnerabilities / Concerns This public disclosure of these vulnerabilities coincides with the release of OpenVPN 2.4.2 which fixes…
New Attacks on Privacy Show That Legal Solutions Cant Be Relied On One of the core concepts that motivated me to create the OSTIF is the belief that the Internet is an enormous tool for good. In order for us to be able to enjoy the fruits of free information,…
The OpenVPN Audit Begins February 15th 2017 The OpenVPN audit is going to be carried out as planned by QuarksLab's Gabriel Campana and Jean-Baptiste Bedrune on February 15th 2017. There will be 90 man-days of work completed throughout this audit and it will take approximately 45 days to complete. During this…
The OpenVPN Fundraiser Has Hit It's Goal - Work On The Audit Begins We are delighted to announce that the Open Source Technology Improvement Fund has surpassed it's target goal of $71,000 USD with two weeks of fundraising to spare! We are continuing to seek donations until fundraising officially ends…