2025-09-09 10:59:08

New Security Fund Launched to Protect the Fediverse

The Nivenly Foundation has introduced a new security fund aimed at strengthening the security of the fediverse, the decentralized network of social media platforms that includes Mastodon, Threads, and Pixelfed. The fund will provide financial rewards to individuals who responsibly disclose security vulnerabilities affecting fediverse applications and services.

As an open-source and decentralized alternative to mainstream platforms, the fediverse has faced ongoing security challenges, particularly since many of its servers are operated by individuals without formal cybersecurity expertise. The Nivenly Foundation has already assisted several fediverse projects in establishing basic security reporting systems, but the new initiative aims to go further by offering direct compensation for vulnerability disclosures.

Under the program, individuals who report vulnerabilities with a severity score of 7.0-8.9 on the Common Vulnerability Scoring System (CVSS) will receive $250, while more critical issues (9.0 or higher) will earn $500. The fund is supported by Nivenly Foundation members, including individuals and trade organizations. Reported vulnerabilities will be reviewed by fediverse project leads and verified through public vulnerability disclosure databases.

The trial phase of the program follows a recent security issue in Pixelfed, a decentralized Instagram alternative. Open-source contributor Emelia Smith identified the vulnerability and received payment from the foundation to address it. Another incident occurred when Pixelfed’s creator, Daniel Supernault, publicly disclosed details of a security flaw before server operators could apply updates, potentially exposing users to threats.

The new initiative also aims to improve security education among project leads, ensuring responsible disclosure practices are followed. By adopting structured vulnerability management, the need for drastic measures like defederation – where servers disconnect from unpatched instances – could become less frequent, ultimately strengthening the fediverse’s overall security.