Bug Bounties

We create bounties that will be paid out to anyone who finds a major security bug in any of our supported projects. These grants will incentivize the world to comb through the code of our projects and look for problems, dramatically improving the world's confidence in the integrity and security of the projects.

Professional Audits

We give grants to well-known professionals or organizations to audit code and look for bugs, clandestine back doors, or other errata that could compromise security. This adds another layer of oversight and integrity checking to reinforce the trust in all of our supported projects.

Direct Funding

We give grants to worthy projects to enable them to hire staff. This will facilitate code changes to implement bug fixes, and make improvements or upgrades to our supported projects, allowing them to advance in quality, features, or proper documentation of code at a much faster pace.

Latest News On OSTIF.org

OpenSSL Fundraiser Progress Updates

OpenSSL 1.1.1 Fundraising Progress (This post will be updated regularly as we gain more sponsors and progress toward our total goal.) We are happy to announce that we have raised 36% of the money needed to audit OpenSSL 1.1.1 with three weeks of fundraising completed. We expect to meet our goal by year's end if progress continues

The OSTIF Public Books Have Been Updated – Oct 2017

We have updated our 2017 Books to current, and they can be viewed here: https://docs.google.com/spreadsheets/d/1OqWBlNwk5be2c74cRlmYOdhLWPeCjCBAALxYCdMwIaM Highlights since the last major update of the books: - Private Internet Access has become our first Platinum Sponsor. This means that they have committed to contributing $120,000 USD per year, and will

Congratulations to Guido Vranken for earning our first bug bounty!

Security researcher Guido Vranken has earned our first bug bounty payout, totaling $5000 USD, for his work on fuzzing OpenVPN 2.4.2 and finding a variety of memory-safety and error-handling flaws, responsibly disclosing them, and working with OSTIF and the OpenVPN security team to integrate his custom code into the

The OpenSSL 1.1.1 Audit Fundraising has Begun!

What are we doing? Like our other fundraisers, OSTIF is reaching out to the public to fund a thorough and open audit of OpenSSL 1.1.1. This particular version is important because OpenSSL 1.1.1 introduces significant pieces of new code to implement the new TLS 1.3 standard. Millions of websites (including

OSTIF Now Accepts Monero Donations

We have set up the infrastructure to enable donations via Monero. Monero is a fully open-source and decentralized cryptocurrency that improves on the privacy shortcomings of Bitcoin through obfuscation technologies like RingCT. The project is currently working on an I2P-based routing system, called Kovri, to further privatize transactions. The Monero project has been instrumental in improving

The OSTIF Bug Bounty Program has Officially Begun

We are proud to announce that the pilot program for OSTIF bug bounties has started. This means that researchers around the world can now find application and security flaws in OpenVPN and VeraCrypt for monetary and career-building rewards. The maximum award for OpenVPN and VeraCrypt is a $5000

How to install a hidden Windows 7 Operating System with VeraCrypt

We have just posted our Windows 7 hidden operating system guide on YouTube here: https://www.youtube.com/watch?v=BFfl-YGsOGA In this guide, we show you how to create a VeraCrypt Windows 7 hidden operating system. This enables you to hide your operating system within an encrypted partition, creating data assurance for your OS and maximum privacy. VeraCrypt is powerful, free, open-source

OSTIF’s 2017 Open Books Have Been Updated

Our commitment to keep our financial transactions fully transparent continues. We have updated our public books to current. You can view them here: https://docs.google.com/spreadsheets/d/1OqWBlNwk5be2c74cRlmYOdhLWPeCjCBAALxYCdMwIaM/ Our biggest items of note in 2017 so far are the donations and expenses related to the OpenVPN 2.4 fundraiser. You can view the results of the OpenVPN

The OpenVPN 2.4.0 Audit by OSTIF and QuarksLab Results

The OSTIF and QuarksLab audit of OpenVPN 2.4.0 has been completed, and this is the public release of the results. The quick and dirty: OpenVPN 2.4.0, the NDIS6 TAP Driver for Windows, the Windows GUI, and Linux versions were evaluated. This release included a number of new features including control channel encryption. QuarksLab found: 1 Critical/High Vulnerability CVE-2017-7478 1