Bug Bounties

We create bounties that will be paid out to anyone who finds a major security bug in any of our supported projects. These grants will incentivize the world to comb through the code of our projects and look for problems, dramatically improving the world's confidence in the integrity and security of the projects.

Professional Audits

We give grants to well-known professionals or organizations to audit code and look for bugs, clandestine back doors, or other errata that could compromise security. This adds another layer of oversight and integrity checking to reinforce the trust in all of our supported projects.

Direct Funding

We give grants to worthy projects to enable them to hire staff. This will facilitate code changes to implement bug fixes, and make improvements or upgrades to our supported projects, allowing them to advance in quality, features, or proper documentation of code at a much faster pace.

Latest News On OSTIF.org

The OpenVPN Audit Begins February 15th 2017

The OpenVPN Audit Begins February 15th 2017 The OpenVPN audit is going to be carried out as planned by QuarksLab's Gabriel Campana and Jean-Baptiste Bedrune on February 15th 2017. There will be 90 man-days of work completed throughout this audit and it will take approximately 45 days to complete. During this time period, we will work with

T-Shirts are being ordered next week!

After our successful fundraiser for OpenVPN, we are now moving forward with getting shirts for our supporters printed and shipped out. You can see the designs here. We have sent emails out to our individual contributors that have made qualifying donations already. Check your emails! Some of you donated through anonymous methods where we could not

The OpenVPN Fundraiser Has Hit It’s Goal – Work On The Audit Begins

The OpenVPN Fundraiser Has Hit It's Goal - Work On The Audit Begins We are delighted to announce that the Open Source Technology Improvement Fund has surpassed it's target goal of $71,000 USD with two weeks of fundraising to spare! We are continuing to seek donations until fundraising officially ends on January 1st. Our community: A

More OpenVPN Updates!

Progress! Goals! Collaboration! We are reporting in with more progress updates on our fundraising, more specifics on our goals, and some positive news about collaboration. Fundraising: We have secured substantially more funding over the last few days, increasing our total cash raised to $41000. This places us at about 60% of our $71000 goal! We have had

OpenVPN Audit Updates – News – And More!

Fundraising Is Going Well, Progress Is Fast! We have had a lot of early success with our OpenVPN fundraiser, and the community response to the project has been tremendous with privacy advocates, VPN review sites, and VPN providers coming together to raise over $34,000 USD over the last two weeks. We think we are on

OSTIF is Beginning a Fundraiser for OpenVPN – Let’s Get it Audited!

OSTIF is Beginning a Fundraiser for OpenVPN - Let's Get it Audited! Edit: Updates about the progress of this fundraiser are here: https://ostif.org/openvpn-audit-updates-news-and-more/ Today marks the first day of our OpenVPN fundraiser. We are asking for your support to get one of the most widely used networking applications in the world audited. How you can support this effort: -Donate

OSTIF T-shirts Available to Donors!

Beautiful. Elegant. Stylish. Intelligent. These are the words that I, Derek Zimmer, and possibly someone else will describe you as when you are wearing our new OSTIF t-shirts! The design is a black shirt with the white OSTIF.org logo on the front, and the back is a negative of Snowden Document 20320108. This is the document that showed that

The VeraCrypt Audit Results

The QuarksLab audit of VeraCrypt has been completed, and this is the public release of the results. The quick and dirty: VeraCrypt 1.18 and its bootloaders were evaluated. This release included a number of new features including non-western developed encryption options, a boot loader that supports UEFI (modern BIOSes), and more. QuarksLab found: 8 Critical Vulnerabilities 3 Medium Vulnerabilities 15

MySQL 0-day Vulnerability Underscores the Need for OSTIF

On September 12th of this month, MySQL, the #1 database software in the world, suffered a 0-day exposure of a bug of the worst kind. It allows an authenticated remote attacker to take full control of any server running the software, regardless of the user's privileges in the database. This Escalation of Privilege vulnerability is a serious