Bug Bounties

We create bounties that will be paid out to anyone who finds a major security bug in any of our supported projects. These grants will incentivize the world to comb through the code of our projects and look for problems, dramatically improving the world's confidence in the integrity and security of the projects.

Professional Audits

We give grants to well-known professionals or organizations to audit code and look for bugs, clandestine back doors, or other errata that could compromise security. This adds another layer of oversight and integrity checking to reinforce the trust in all of our supported projects.

Direct Funding

We give grants to worthy projects to enable them to hire staff. This will facilitate code changes to implement bug fixes, and make improvements or upgrades to our supported projects, allowing them to advance in quality, features, or proper documentation of code at a much faster pace.

Latest News On OSTIF.org

Stop the Spies – OpenSSL 1.1.1 Fundraiser

UPDATE: We are now 81% funded! Keep spreading the word!
Matched donations by DuckDuckGo on Crowdrise here: https://www.crowdrise.com/o/en/campaign/ostif1/ostif
Ways to contribute for FREE: https://ostif.org/how-to-contribute-to-ostif-for-free/
Donate using a huge number of options here: https://ostif.org/donate
What are we working on? OpenSSL powers everything. 70% of the top million websites use OpenSSL to provide encryption services to their visitors and to encrypt user information.

OpenSSL 1.1.1 Fundraiser – 2nd Round of Funding

Double Your Donations With CrowdRise
Today, we begin our second round of funding in partnership with DuckDuckGo, who will be matching Crowdrise donations for the next four weeks! You can view the Crowdrise campaign and donate here to have your donation matched (doubled): https://www.crowdrise.com/o/en/campaign/ostif1/
OpenSSL 1.1.1 Project Changes
We have made changes to the proposed OpenSSL project to

OSTIF Financial Report for FY2017

2017 Financial Report for the Open Source Technology Improvement Fund, Inc. In 2017 OSTIF experienced substantial growth, and expanded our reach to multiple new areas of computing and software safety. We conducted an audit of OpenVPN 2.4.0 in partnership with QuarksLab and launched our bug bounty program. This document is intended to inform our donors and

OSTIF is Working with Monero Research Lab on Bulletproofs

We are happy to announce that we have been working with the Monero project to help them locate auditing resources for Bulletproofs. This code review is to evaluate the safety of the implementation of Bulletproofs into Monero, which promises to dramatically reduce transaction sizes for Monero,

OSTIF in 2018 – Our Plans for the Future

2017 was a wild ride, with OSTIF raising roughly double the funds that we did the year prior. We've learned a lot along the way, and are working hard to get even more done in 2018. These plans include widening support to more apps, building stronger

OpenSSL Fundraiser Updates – Progress and Thank Yous

November 19th
Our work fundraising for the massive OpenSSL 1.1.1 project continues. Our project is now up to hundreds of backers and dozens of companies and organizations. I would like to thank OpenVPN Technologies for their continued support (they have donated an additional $5000), and our new big

OpenSSL Fundraiser Progress Updates

OpenSSL 1.1.1 Fundraising Progress
(This post will be updated regularly as we gain more sponsors and progress toward our total goal.)
We are happy to announce that we have raised 36% of the money needed to audit OpenSSL 1.1.1 with three weeks of fundraising completed. We expect to meet our goal by year's end if progress continues

The OSTIF Public Books Have Been Updated – Oct 2017

We have updated our 2017 Books to current, and they can be viewed here: https://docs.google.com/spreadsheets/d/1OqWBlNwk5be2c74cRlmYOdhLWPeCjCBAALxYCdMwIaM
Highlights since the last major update of the books:
- Private Internet Access has become our first Platinum Sponsor. This means that they have committed to contributing $120,000 USD per year, and will

Congratulations to Guido Vranken for earning our first bug bounty!

Security researcher Guido Vranken has had the honor of being our first bug bounty payout totaling $5000 USD for his work on fuzzing OpenVPN 2.4.2 and finding a variety of memsafe and error handling flaws, responsibly disclosing them, and working with OSTIF and the OpenVPN security team to integrate his custom code into the