EU to fund open-source bug bounty programmes

The EU is going to help cover the costs of bug bounty programmes for a total of 15 open-source projects, of which 14 will be launched in January 2019.

Julia Reda, an EU member of parliament, announced in a blog post last week that the programmes offer rewards to friendly bug hunters who actively discover security flaws and vulnerabilities.

The projects that will receive funding for their bug bounty programmes are Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, 7-Zip and WSO2.

Monetary rewards

The bug hunters will receive rewards ranging from €25,000 to €90,000 (£22,555 to £81,199), for a total offered amount of €851,000 (£767,859).

However, Reda said the sum of the rewards would depend on the severity of the issues discovered.

Through this process, Reda said that the government hopes to bring together a community of bug hunters who share the common goal of making the Internet a safer and more reliable place.

The third edition of FOSSA

The bug bounty programmes are being sponsored as part of the third edition of the Free and Open Source Software Audit project (FOSSA).

In her blog post, Reda highlighted the importance of free and open source software by saying: “In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL. This type of software is called a library because it provides standard functions to a huge number of other software. And they subsequently suffered from the issue.

“The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructures. Like many other organisations, institutions like the European Parliament, the Council and the Commission build upon Free Software to run their websites and many other things.”

Beginning in January, security researchers and companies can contribute to the project by submitting any bugs or issues found in the open source projects chosen for FOSSA 3.
