The Sovereign Tech Fund is now part of the Sovereign Tech Agency.

Newsletter: xz Incident, Hiring, Investments in PHP, GNOME, and Mamba

By Powen Shiah

In Newsletter

Email newsletter on 25 April 2024: xz incident & structural challenges – Hiring an administrative managing director – New investments & bug bounty programs launched

This month, we at the Sovereign Tech Fund would like to share our reaction to the xz incident and highlight an important new position we’re hiring for. Learn about the new open source infrastructure technologies that the Sovereign Tech Fund has commissioned work on.

Thank you to everyone who filled out our survey for open source maintainers to collect input for a fellowship pilot program. As we analyze the responses, we’ll be sharing findings and what we’re learning.

If you’d like to find out about these updates as they happen, you can find the Sovereign Tech Fund on MastodonLinkedIn, Twitter, and Bluesky.


xz incident shows the need for structural change

At Sovereign Tech Fund, we have been following the xz incident closely and listening to the many voices in the FOSS maintainer community. What's clear to us is that the xz incident shows the need for structural change:

Read more


Jobs @ STF

We’re looking for new leader to join our team and help build the agency for open digital infrastructure! As part of STF becoming its own organization, STF and SPRIND are hiring:

If you know people who might be interested, please share this position with them. Applications for the Administrative Managing Director will be accepted through 15 May 2024, and we will post all new positions on our jobs page.


New Investments

We’re excited to be working with these maintainers and FOSS communities, and to support the software that forms the foundation of our shared digital infrastructure.


Bug Bounty Programs Launched

A major milestone for the Bug Resilience Program: we have publicly launched the first bug bounty programs for Sequoia PGP and systemd. We call on all security researchers to roll up their sleeves, to read the scope of the programs carefully, and to help make our core digital infrastructure more secure by reporting any qualifying vulnerabilities they find, in exchange for a reward.

For each responsibly reported and fixed vulnerability, STF also offers a “fix” bounty to participating projects.

More bug bounty programs are coming online in the upcoming weeks, so keep an eye on our channels and keep looking for those vulnerabilities.


STF out and about

The STF team raises awareness about how important open source digital technologies are. Here are some opportunities we’ve had to talk about STF’s mission and how we’re implementing it.


More articles

All articles