Red Team Lab

Has your project received OTF support before? *

If yes or maybe, please provide more information below. If you're a current or previous OTF project or fellow, check yes.

What previous support have the project received from OTF in the past?

Include links to your past submissions and project pages, if appropriate.

What is the big challenge is your project trying to address or solve? *

Please briefly provide contextual or background information regarding the problem your project is addressing.

How is your project advancing free expression online directly or indirectly for those being repressed? *

See https://www.opentech.fund/about/values-principles/ for more info about our mission and goals.

Who does your project help? *

Put another way, who are your target beneficiaries, target markets, etc? OTF's focus is to help people in repressive countries whose internet freedom is under attack through censorship and privacy violations online. The most competitive submissions are directly or indirectly benefiting those people.

Do you have an estimate of how much it will cost?

If you chose "Requesting to receive services for my project" earlier, do not worry much about this value, you can leave it blank or put in zero. In USD and no more than 25,000. If you are requesting direct funding, state how much you need. If you are a service partner (someone applying on behalf of the project), state how much you expect the effort to cost.

How long will it take? *

In months. If you chose "Requesting to receive services for my project" earlier, do not worry much about this value If you are not a service partner or applying on behalf of someone else, this can be anything.

What services are you seeking support for? *

Less is more. We may request that you re-submit an application for individual needs.

What are the anticipated outputs and outcomes of this support? *

Put another way, what is the Scope of Work (SoW), key objectives, and outputs. A list is fine.

What is you or your organizations legal name?

If different from the above.

If an organization, who is the primary point of contact?

If different from the above.

Do you agree to share the audit results in their entirety If you chose to share the audit results privately or publicly?

This is to ensure the audit's findings are not misrepresented. You always have the ability to share the audits final report publicly or privately whenever or with whoever you want.

Do you understand that OTF will publish the full results of the audit 180 days after the final report is delivered?

After the final report has been issued, you have 180 days to publicly disclose all of the vulnerabilities and other findings identified during the audit. After 180 days, we will publish the final report in full. You can totally publish it before that too. Under reasonable and rare circumstances, we may consider allowing for more time. Point is, you acknowledge that this report will be public.

Do you require an NDA as a condition of accessing and reviewing your source code? If so, do you understand that the NDA can not keep the auditors from publishing their findings 180 days after you have received the final report?

This question is one of those that you do not have to answer yes. If your project is not open source, you can sign an NDA with the auditor, as a condition of accessing and reviewing the source code. You will have to share the NDA with OTF for review before we allow the auditor to conduct the audit. The NDA must allow the auditor to disclose all findings and results of their audit to OTF, but shall not require disclosure of the source code to OTF. The NDA must allow for responsible public disclosure of vulnerabilities that remain unresolved 180 days after the final report has been delivered to you and for OTF to publicly publish the final report in full 180 days after it has been delivered to you.