@nivenly, an organization that supports open-source services and projects, has launched the Fediverse Security Fund. This member-supported program will pay people who identify and fix security vulnerabilities that might affect fediverse services and apps. “Part of the program is…education for project leads, helping them understand why responsible disclosure practices for security vulnerabilities are important,” open source contributor @thisismissem told @Sarahp. Here's her story for @TechCrunch

https://flip.it/B-cWKk

#Fediverse #OpenSource #OpenSocialWeb #NivenlyFoundation #FediverseSecurityFund

A new security fund opens up to help protect the fediverse | TechCrunch

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.


This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.

You might remember my Pixelfed vulnerability from last year, where OAuth scopes weren't checked, allowing for privilege escalation via the API (CVE-2024-25108); that was our very first test case of this program.

I'm incredibly proud to be involved in launching the Fediverse Security Fund from Nivenly Foundation (a 501(c)4 not-for-profit cooperative).

#fediverse #security #nivenly #FediverseSecurityFund

RE: https://hachyderm.io/@nivenly/114268491892140498

The Nivenly Foundation (@nivenly@hachyderm.io)

Over the past year, we've been thinking about how we can improve the security of the Fediverse to provide a safer, more trustworthy experience for people of the Fediverse. Today we're launching a time-and-funds limited Fediverse Security Fund, where we will pay researchers and contributors for the responsible disclosure of security vulnerabilities in open-source Fediverse software. We're starting small as an experiment to gauge interest, figure out our processes, and eventually decide if/how to expand this program and make it more permanent. If you're a security researcher or upstream contributor, join us in making the Fediverse a safer place. You can read more about this program on our blog: https://nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/
