Criteria for joining the Bug Resilience Program

Learn more about the criteria for becoming part of the Bug Resilience Program.


The Bug Resilience Program is open for open digital base technologies to join and benefit from the offered services.

Unfortunately, we cannot provide prior advice on whether a project generally falls under our objectives. If you would like to apply to join the program, please first check thoroughly whether all the criteria listed below apply.

On this page:


Submission through our application system: submissions must be completed through the online application portal. No supplemental materials should be sent via email or any other form of communication at this time.

Completeness: applications must be completed in German or English. The questions must be answered to a degree that allows us to assess and evaluate the applications.

Compatibility with STF criteria: The criteria for projects eligible to join the BRP are harmonized with the criteria for Sovereign Tech Fund funding. If a project has received prior STF investment, then it is automatically eligible to join the BRP and does not need to apply. Contact your STF program manager for more details.

FOSS: all code and documentation to be supported must be licensed such that it may be freely reusable, changeable, and redistributable. OSI-approved or FSF Free/Libre licenses are acceptable for code. Creative-Commons-like licenses for documentation may not include non-commercial or “no derivative” clauses.

Selection Criteria

The Bug Resilience Program is open to open digital base technologies that are vital to the development of other software or enable digital networking. We provide services to projects that benefit and strengthen the open source ecosystem. Examples include libraries for programming languages, package managers, open implementations of communication protocols, administration tools for developers, digital encryption technologies, and more. We do not finance the development of prototypes. STF’s currently funded projects show the range and type of technologies that characterize open digital base technologies.

We are currently not looking for user-facing applications, such as messaging apps or file storage services. If this changes, we will announce it here. We only provide services to technologies with societal relevance, i.e., technologies from which a broad public benefits or on which particularly vulnerable groups depend. The public interest in these technologies is not measured solely by the number of users, but also by their criticality in particularly important areas of society. The goal of program is the independent use of digital technologies, as well as security, stability, and (technological) diversity.

To be eligible to join the Bug Resilience Program, technologies must be under-supplied or threatened by other circumstances, acute or long-term, such as market consolidation or severe dependencies. The lack of support and resources or technical alternatives places the technologies in a vulnerable state that threatens the existence and sustainability of the project. Applicants must clearly state the extent to which there is underuse or overuse. We understand that these can have different manifestations and causes.

Evaluation Criteria

The above criteria determine whether an application should be evaluated for support. Applications that generally meet the formal and selection criteria are then evaluated for eligibility based on the responses to the questions in the application form.

The three factors most important for our evaluation and discussion are the relevance, prevalence, and vulnerability of a project. Prevalence and relevance are considered in tandem with each other. It is the prevalence of a technology and the relevance of the sector(s) in which it is used that are considered to paint a complete picture of how critical a technology is.

We consider technologies whose longevity or safety is at risk to be vulnerable. Risk factors here include a lack of financial support, for example, but also a lack of personnel or a lack of governance structures. The reasons for these risk factors can vary, but we mostly consider any structural risks that can affect the continued existence of the technology in question.

Evaluation is generally guided by considering the public interest. That is, we consider the impact of the technology on society. We consider whether it has a broad impact that benefits society as a whole, or a very specific impact that is important for critical or vulnerable sectors of society that are important for the public interest.

Application Platform

Thank you for reviewing all of the Bug Resilience Program’s criteria. To start an application, click below to go to our application platform.

Go to the application platform

Create an account to submit an application. Please note that you will only receive a submission confirmation from us if you agreed to receive emails or SMS from us when you registered. If you change this in the settings after your registration, it will only affect future messages from us, such as acceptances or rejections.

Download a preview of the application form (PDF)

You can find more details about the application process on the program page.