About Bug Bounties

As a charity, we only work on open source projects but we do accept sponsored work that can be embargoed for up to 6 months. We believe this embargo provides a small benefit to a sponsor while at the same time still donating the work to the world.

When you donate to fix a bug, approximately 20% of each bounty donations is used for the general fund of the Foundation.

The management of the bug bounty work is provided by the Foundation volunteers and at this time the programming work is done by contractors.

Disclosure: One of the consultants used by the Foundation is PCCC.com. Kevin A. McGrail, a foundation director, is a shareholder in PCCC. PCCC is a sponsor of the foundation and provides it's work at cost to the foundation. PCCC follows a detailed conflict of interest policy for work on Apache Software Foundation (ASF) projects and projects that use The ASF's voting procedures.

While we would love to grow larger, we do not anticipate hiring any programmers directly due to the varied skills needed and the overall costs. This model provides maximizes donations by keeping overhead as low as possible.

The foundation has adopted this same policy and any programmers with voting rights on a project will only exercise those rights as individuals independent of the foundation's influence to ensure the integrity of the project is maintained.

In order to preserve this integrity, the foundation can only to perform the work and submit it to the project for consideration with no guarantee that the submission will be accepted or included in a release.

We appreciate all Sponsors and any amount will help. Donations over $2,500 will be recognized on the projects page!

If you are interested in helping the foundation by provide stability and support for projects like MIMEDefang, Apache SpamAssassin, Apache Http Server, and the KAM.cf ruleset, please consider a sponsoring today.