Newsletter: Fellowship for Maintainers, 7 Bug Bounties for Security Researchers, FOSS at the UN

This month, we’re sharing updates on our fellowship for maintainers pilot program, the United Nations OSPOs for Good conference, a blog post by STF technologist Tara Tarakiyee about the netmundial+10 meeting, and a call for security researchers for five new bug bounties.

If you’d like to find out about these updates as they happen, you can find the Sovereign Tech Fund on Mastodon, LinkedIn, Twitter, and Bluesky.

We're thrilled to share details about our fellowship pilot program. This new initiative aims to address a critical challenge in the open source ecosystem: supporting the dedicated individuals who keep our digital infrastructure running.

We're planning to start accepting fellowship applications by the end of Q3 2024, with selected maintainers beginning their fellowships in Q4.

STF program manager Mirko Swillus explains more about the fellowship in a post on our blog.

More about the fellowship

Germany was a host country of the 2nd UN summit on open source in early July 2024. Adriana Groh & Fiona Krakenbürger presented how STF strengthens the FOSS ecosystem and how, with ZenDiS, we’re pioneering a holistic approach for the role governments can play.

In particular, it was a call for governments to look beyond governance and take a more active and collaborative role.

Read more

We're calling on security researchers to help enhance the resilience of open digital infrastructure. Participate in the bug & fix bounties of seven critical software projects: systemd, Sequoia PGP, OpenPGP.js, ntpd-rs, Apache Log4j, CycloneDX Rust, and Glib.

Having recently added five new software projects to this part of the Bug Resilience Program, there’s a lot of code to look at. Find and report potential vulnerabilities responsibly, in exchange for a bug bounty.

Read more

STF technologist Tara Tarakiyee went to the NETmundial+10 global meeting in São Paulo, Brazil, and shares insights on a decade of internet governance and the future of governing digital infrastructure in the public interest.

Read more

The STF team raises awareness about how important open source digital technologies are. Here are some opportunities we’ve had to talk about STF’s mission and how we’re implementing it.

• In early July, Adriana Groh, Fiona Krakenbürger, and Powen Shiah attended the OSPOs for Good conference at the United Nations in New York, NY.
  • Adriana gave a keynote with ZenDiS’ Andreas Reckert-Lodde: video in English.
• Adriana Groh was interviewed for the 185th episode of the eGovernment podcast: episode in German
• On 7 August 2024, Tara Tarakiyee spoke at the Charter of Trust meeting in Braunschweig, Germany.
• 16 - 18 August 2024, Mirko Swillus will be attending and speaking at FrOSCon in Bonn, Germany.
• On 31 August 2024, Adriana Groh will speak at Zeit Online’s Z2X Festival in Berlin, Germany.
• On 12 September 2024, Mirko Swillus will be speaking at Bitkom Forum Open Source in Erfurt, Germany.
• 16 - 19 September 2024, several members of the team will be attending and speaking at Open Source Summit Europe and co-located events in Vienna, Austria.
• 20 - 22 September 2024, Mirko Swillus will be speaking at Datenspuren in Dresden, Germany

The projects and technologies in which STF invests sometimes share updates about the work they’re accomplishing with our support. Hear from the FOSS maintainers and communities directly:

• Apache Log4j:
  • https://logging.apache.org/blog/2024/07/25/Log4j-At-Community-Over-Code-2024.html
  • https://logging.apache.org/blog/2024/08/12/log4j-bug-bounty.html
• Coreutils: https://github.com/uutils/coreutils/releases/tag/0.0.27
• Pendulum:
  • https://github.com/pendulum-project/ntpd-rs/discussions/1547
  • https://letsencrypt.org/2024/06/24/ntpd-rs-deployment
  • https://trifectatech.org/blog/trifecta-tech-foundation-announcement/
• GNOME:
  • https://thisweek.gnome.org/posts/2024/08/twig-160/
  • https://www.codethink.co.uk/articles/2024/A-new-way-to-develop-on-Linux-PartII/
• GStreamer: https://ystreet00.blogspot.com/2024/06/gstreamer-rtp-session-handling-in-rust.html
• Haskell Cabal: https://well-typed.com/blog/2024/06/ghc-activities-report-march-may-2024/
• p5.js:
  • https://www.linkedin.com/posts/abekaren_the-new-look-for-httpsp5jsorg-is-here-activity-7221263078447796224-pfs1
  • https://p5js.org/events/stf-2024/
• Reproducible Builds: https://reproducible-builds.org/reports/2024-07/
• RubyGems: https://blog.rubygems.org/2024/07/23/june-rubygems-updates.html
• Rusty SBOMs: https://ferrous-systems.com/blog/stackable-client/
• Sequoia PGP (as part of the Bug Resilience Program) https://neighbourhood.ie/blog/2024/08/07/nh-stf-s01e01-sequoia-pgp
• systemd: https://www.codethink.co.uk/articles/2024/systemd-integration-testing-part-1/
• Yocto Project: https://tfir.io/from-mars-to-deep-oceans-how-yocto-project-is-taking-linux-to-new-frontiers/