onlyTrustedInfo.comonlyTrustedInfo.comonlyTrustedInfo.com
Font ResizerAa
  • News
  • Finance
  • Sports
  • Life
  • Entertainment
  • Tech
Reading: A new security fund opens up to help protect the fediverse
Share
onlyTrustedInfo.comonlyTrustedInfo.com
Font ResizerAa
  • News
  • Finance
  • Sports
  • Life
  • Entertainment
  • Tech
Search
  • News
  • Finance
  • Sports
  • Life
  • Entertainment
  • Tech
  • Advertise
  • Advertise
© 2025 OnlyTrustedInfo.com . All Rights Reserved.
Tech

A new security fund opens up to help protect the fediverse

Last updated: April 2, 2025 11:20 am
OnlyTrustedInfo.com
Share
4 Min Read
A new security fund opens up to help protect the fediverse
SHARE

The fediverse, also known as the open social web that includes Mastodon, Meta’s Threads, Pixelfed, and other apps, is ramping up its security. On Wednesday, a nonprofit focused on bringing governance to open source projects, the Nivenly Foundation, announced the launch of a new security fund that will pay those who responsibly disclose security vulnerabilities that affect fediverse apps and services.

While all software can have security issues, Mastodon — an open source and decentralized alternative to X — has fixed numerous bugs over the years, leading to the need for such a program. Another issue found in the fediverse is that many servers are run by independent operators who don’t necessarily have a security background or understand best practices.

Already, the Nivenly Foundation has helped a few fediverse projects set up their basic security vulnerability reporting process, and now it’s looking to distribute small payouts to anyone who responsibly discloses other security vulnerabilities that may still be in the wild.

The payouts will total $250 for vulnerabilities with a vulnerability severity score (known as CVSS) of 7.0-8.9 and $500 for more critical vulnerabilities with a CVSS score of 9.0 or greater. The funds for the payouts come from the foundation, which is supported directly by members that includes individuals as well as other trade organizations.

The vulnerabilities themselves are validated by acceptance from the fediverse project leads as well as public records in vulnerability disclosure (CVE) databases.

The fund is currently in a limited trial after the discovery of a security vulnerability in the decentralized Instagram alternative, Pixelfed. Open source contributor Emelia Smith came across the issue, and the Nivenly Foundation paid her to fix it, she explains.

The issue was complicated by the fact that Pixelfed’s creator, Daniel Supernault had made the details public before server operators had a chance to update, which would have left the fediverse vulnerable to bad actors, she says. (Supernault has already apologized publicly for his handling of the issue that had affected private accounts.)

“Part of the program is…education for project leads, helping them understand why responsible disclosure practices for security vulnerabilities are important,” Smith told TechCrunch. “We came across several projects that just said ‘file security vulnerabilities in our public issue tracker,’ which absolutely isn’t safe, as any malicious actor watching that repository would now be able to attack instances of that software,” she added.

Typically, the common practice is to disclose minimal information about a vulnerability, giving server operators time to upgrade, Smith said. However, this requires that project leads understand security best practices.

In the case of the Pixelfed issue, for instance, the Hachyderm Mastodon server, which has over 9,500 members, decided it needed to defederate (or disconnect from) other Pixelfed servers that hadn’t been updated in order to protect their users.

With this new program designed to follow best practices around the disclosure of vulnerabilities, the need to defederate to protect users may become less common.

You Might Also Like

The One Place on Social Media That Still Feels Human

Artemis II: NASA’s Bold Return to the Moon and Why It Matters for Humanity

Korea and Singapore Seal AI-to-Atom Pact That Will Reshape Asian Tech Supply Chains

Meet the Cookiecutter Shark, a Bizarre Predator With a Signature Circular Bite

US peregrine falcons adapt well to city living as their coastal cousins struggle with bird flu

Share This Article
Facebook X Copy Link Print
Share
Previous Article Anthropic launches an AI chatbot plan for colleges and universities Anthropic launches an AI chatbot plan for colleges and universities
Next Article Several Colorado students’ visas revoked at CU and CSU, universities say Several Colorado students’ visas revoked at CU and CSU, universities say

Latest News

Prince Andrew’s Legal Peril Deepens: Transatlantic Probe Targets Giuffre Family
Entertainment July 11, 2026
Sofia Vergara’s Etro Dress: The Keyhole Cutout That’s Turning Heads on Italian Streets
Entertainment July 11, 2026
Rick Springfield at 76: How the ‘Jessie’s Girl’ Icon Redefined Aging in Rock with His Viral Physique
Entertainment July 11, 2026
Prince Harry and Meghan’s Children Reunite with King Charles: A Royal Family Milestone After Years of Tension
Entertainment July 11, 2026
//
  • About Us
  • Contact US
  • Privacy Policy
onlyTrustedInfo.comonlyTrustedInfo.com
© 2026 OnlyTrustedInfo.com . All Rights Reserved.