EU funds bug bounty programs for 14 open source projects

The European Union has taken a welcome step this New Year and decided to fund bug bounty programs for 14 open source projects. The EU wants to plug the security flaws in the open source projects used in EU institutions.

This funding is part of the EU’s third edition of the Free and Open Source Software Audit (FOSSA) project. The authorities first approved FOSSA in 2015, after a researcher discovered severe vulnerabilities in the OpenSSL library. The first iteration of the project was launched in 2014.

The bug bounty programs cover 14 open source software projects with a collective bounty of $1 million. The projects in the bug bounty program include 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, FileZilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC media player, and WSO2.

The first edition of FOSSA was held between 2015 and 2016 as a pilot program. It was followed by FOSSA 2, which was held throughout 2017, and this will be the third edition of FOSSA.

Like many other organizations, the European Parliament, EU Council, and the European Commission run their websites and applications using free and open source software. By funding these bug bounty programs, the EU wants to strengthen the open source community. Starting this month, i.e. January 2019, security companies and researchers can look for vulnerabilities in these open source projects and benefit from these programs, provided their reported bugs are acknowledged as genuine vulnerabilities and fixed.