Reward offered for security vulnerabilities found in Fediverse software

Individuals and small teams are responsible for Mastodon, Pixelfed & Co. Some money is now being made available to make their services more secure.

[Image: the Mastodon homepage, Barcelona, Spain, 7 November 2022]

(Image: davide bonaldo/Shutterstock.com)


A non-profit organization from the USA wants to pay rewards for the discovery and responsible disclosure of security vulnerabilities in Fediverse software as part of an experiment. As the Nivenly Foundation announced, individuals will be paid 250 or 500 US dollars depending on the severity of the vulnerability found. A total of 5,000 US dollars is available until the end of September. After that, the foundation will decide whether and how the program should be continued. Projects such as Mastodon, Pixelfed, PeerTube, Misskey, Lemmy, Diaspora and others are to benefit from the experiment.

The experiment stems from the discovery of a security vulnerability in Pixelfed, for which the organization has already paid out money, TechCrunch reports. Just a few days ago, Pixelfed developer Daniel Supernault publicly apologized for his handling of another vulnerability, which he patched quickly but not in a proper manner. One of the aims of the Nivenly Foundation's experiment is therefore to help those responsible for Fediverse software follow established practices when dealing with security vulnerabilities. The organization has summarized the requirements for participation in the experiment in a document.


Fediverse is the name given to a group of different social networks that are linked via the ActivityPub communication protocol. In recent years, the best-known part has been the short-message service Mastodon, which is modelled on Twitter. However, there are also services that focus on photos, like Instagram (Pixelfed), that are intended to enable social exchange as on Facebook (Friendica), or that want to establish an alternative to Reddit (Lemmy). The software behind these services is usually maintained by small teams or individuals, whom the Nivenly Foundation now wants to support.

(mho)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.