This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.
You might remember my Pixelfed vulnerability from last year, where OAuth scopes weren't checked, allowing for privilege escalation via the API (CVE-2024-25108); that was our very first test case of this program.
I'm incredibly proud to be involved in launching the Fediverse Security Fund from Nivenly Foundation (a 501(c)4 not-for-profit cooperative).
#fediverse #security #nivenly #FediverseSecurityFund
RE: hachyderm.io/@nivenly/11426849…
The Nivenly Foundation (@nivenly@hachyderm.io)
Over the past year, we've been thinking about how we can improve the security of the Fediverse to provide a safer, more trustworthy experience for people of the Fediverse.
Hachyderm.io