My OTF Apply
My OTF Apply

Red Team Lab

Project information

If yes or maybe, please provide more information below. If you're a current or previous OTF project or fellow, check yes.

Include links to your past submissions and project pages, if appropriate.

Please briefly provide contextual or background information regarding the problem your project is addressing.

See for more info about our mission and goals.

Put another way, who are your target beneficiaries, target markets, etc? OTF's focus is to help people in repressive countries whose internet freedom is under attack through censorship and privacy violations online. The most competitive submissions are directly or indirectly benefiting those people.

Request information

If you chose "Requesting to receive services for my project" earlier, do not worry much about this value, you can leave it blank or put in zero. In USD and no more than 25,000. If you are requesting direct funding, state how much you need. If you are a service partner (someone applying on behalf of the project), state how much you expect the effort to cost.

In months. If you chose "Requesting to receive services for my project" earlier, do not worry much about this value If you are not a service partner or applying on behalf of someone else, this can be anything.

Less is more. We may request that you re-submit an application for individual needs.

Put another way, what is the Scope of Work (SoW), key objectives, and outputs. A list is fine.

Categories that describe your project

This is another less is more, only chose the ones that most apply or that apply first (are your priority). We do this for all our submissions.

Additional information

Information about you

Only fill out what is required. If you are requesting direct support (funds from us to you), you should complete all of the information

If different from the above.

If different from the above.

Assessment for audit requests

If you are requesting a security audit, please complete this section. If not, you can ignore these questions.

Important acknowledgements

Unless noted otherwise, if you do not answer Yes for each question in this section, we will most likely not consider your request.

This is to ensure the audit's findings are not misrepresented. You always have the ability to share the audits final report publicly or privately whenever or with whoever you want.

After the final report has been issued, you have 180 days to publicly disclose all of the vulnerabilities and other findings identified during the audit. After 180 days, we will publish the final report in full. You can totally publish it before that too. Under reasonable and rare circumstances, we may consider allowing for more time. Point is, you acknowledge that this report will be public.

This question is one of those that you do not have to answer yes. If your project is not open source, you can sign an NDA with the auditor, as a condition of accessing and reviewing the source code. You will have to share the NDA with OTF for review before we allow the auditor to conduct the audit. The NDA must allow the auditor to disclose all findings and results of their audit to OTF, but shall not require disclosure of the source code to OTF. The NDA must allow for responsible public disclosure of vulnerabilities that remain unresolved 180 days after the final report has been delivered to you and for OTF to publicly publish the final report in full 180 days after it has been delivered to you.

Scoping information