Internet security is broken.

Federacy is a cryptoeconomic protocol and decentralized platform for security research and vulnerability management. It will unite open source projects, and the companies that use them, with the largest pool of security researchers ever assembled.

Federacy Overview

Decentralized, real-time vulnerability research, resolution, remediation, and scanning built on community-driven smart contracts.


Incentivized to report and resolve vulnerabilities publicly and to validate the information provided by other researchers.


Incentivized to code review and merge vulnerability resolutions.


Incentivize research into projects or specific vulnerabilities, and create bounties.


Incentivized to contribute to consensus about the vulnerability status of an asset and are a factor for the policy engine.

Smart Contracts

Remove centralized authority and drive the incentivization process for the activities and behavior required for improving security.

Policy Engine

Enables organizations to limit access to an asset (docker, cloud, base image) based on vulnerability status and other authorizations.


James Sulinski

Formerly Director of Engineering, Operations at MoPub before it was acquired by Twitter. Prior to that, he built distributed systems at which was acquired by Facebook.

Arjuna Christensen

Was building distributed systems before devops was even a word. He’s an OG Chef contributor, golang gopher, multicopter/drone racing pilot, and has helped many companies tame unruly systems.

William Sulinski

Founded and was CEO of Pistol Lake and AccelGolf, two venture-funded companies. Prior to that, he led product at ad-tech company, Shareaholic, backed by General Catalyst.

Celeste Reign

Has driven ad ops for numerous scrappy startups and is an epic organizer of information, cataloguer, and spreadsheet virtuoso. A designer and full-stack engineer, Solidity and smart contracts are her new passion.

Reach out

  • keybase team request-access federacy
  • Join us on r/federacy

Help us fix it