This section is to help OTF ensure that the project you are seeking support for is within our remit as defined by our mission, values, and principles.
If yes or maybe, please provide more information below. If you're a current or previous OTF project or fellow, check yes.
Include links to your past submissions and project pages, if appropriate.
Please briefly provide contextual or background information regarding the problem your project is addressing.
See https://www.opentech.fund/about/values-principles/ for more info about our mission and goals.
Put another way, who are your target beneficiaries, target markets, etc? OTF's focus is to help people in repressive countries whose internet freedom is under attack through censorship and privacy violations online. The most competitive submissions are directly or indirectly benefiting those people.
This section is for us to gather specific information about your needs.
Less is more. We may request that you re-submit an application for individual needs.
In-kind: Choose this if you are hoping one of OTF's service partners will conduct the work for you Direct: Choose this if you would like OTF to provide you support/funds to conduct the work for yourself Both: Choose this if the request is a mix of both
If you are seeking support from one of our service partners, leave the amount blank or put in zero. If you are a service partner, put in your estimate and then update this with the actual later. If you are requesting direct funding, state an amount.
Do you have specific or ideal deadlines for the completion of the effort? If so, include that here.
If not public, please feel free to attach them below.
This is another less is more, only chose the ones that most apply or that apply first (are your priority). We do this for all our submissions.
Only fill out what is required. If you are requesting direct support (funds from us to you), you should complete all of the information
If different from the above.
If you are requesting a security audit, please complete this section. If not, you can ignore these questions. Some of the questions may not be for the project to complete. Help text is provided to help you distinguish what you can skip. Some information may be completed by OTF or an OTF-assigned service provide to complete after you submit this application. Don't worry about getting it right or wrong. We can work any questions out after you submit.
Unless noted otherwise, if you do not answer Yes for each question in this section, we will most likely not consider your request. You can learn more about OTF's general position of supporting public disclosure in this essay from one of our Advisory Council Members, Bruce Schneier.
This is to ensure the audit's findings are not misrepresented. You always have the ability to share the audits final report publicly or privately whenever or with whoever you want.
After the final report has been issued, you have 180 days to publicly disclose all of the vulnerabilities and other findings identified during the audit. After 180 days, we will publish the final report in full. You can totally publish it before that too. Under reasonable and rare circumstances, we may consider allowing for more time. Point is, you acknowledge that this report will be public.
This question is one of those that you do not have to answer yes. If your project is not open source, you can sign an NDA with the auditor, as a condition of accessing and reviewing the source code. You will have to share the NDA with OTF for review before we allow the auditor to conduct the audit. The NDA must allow the auditor to disclose all findings and results of their audit to OTF, but shall not require disclosure of the source code to OTF. The NDA must allow for responsible public disclosure of vulnerabilities that remain unresolved 180 days after the final report has been delivered to you and for OTF to publicly publish the final report in full 180 days after it has been delivered to you.
Add any needed information here for us to consider the selected partner if needed. Else, leave blank.
Put in the estimate, update with actual.
Initially insert the expected date. Update later with the actual.
If you are not a service partner (for example, you chose "Requesting to receive services for my project" earlier), do not worry much about this value, you can leave it blank or put in zero. If you are someone applying on behalf of a project or a service partner assigned to this submission, state how many people you expect to work on this effort, even if fractional.
If you are not a service partner (for example, you chose "Requesting to receive services for my project" earlier), do not worry much about this value, you can leave it blank or put in zero. In total billable days for all the people working on the project (if you do hours, use decimals), if you are someone applying on behalf of a project or a service partner assigned to this submission, state how many working days you expect this effort to take.
If you have additional information to provide before final approval, add it here. If you are a service partner or someone who's doing the work on behalf of the above project, this could be a PDF of the proposed SoW you need OTF review and approval for or sent the project to outline the work you intend to conduct.
Please attach the final report here as soon as it is completed (before publication).
Whatever is the highest-rated vulnerability on the scale the auditor users, that's what we'd call Critical for the Log
You must have Javascript enabled to use this form.