EU to sponsor bug bounty programs for 14 open source projects from January 2019

2 min read

Julia Reda, EU member of the parliament, announced, last week, that EU will be funding the internet bug bounty programs for 14 out of the total 15 open source projects, starting January 2019.

The Internet Bug Bounty programs are rewards for friendly hackers who actively search for security vulnerabilities and issues. The program is managed by a group of volunteers that are selected from the security community. The amount of the bounty depends on how severe the issue uncovered is and the importance of the software. The amount ranges from 25,000,00 Euros and all the way up to 89,000,00 Euros.

The 14 open source projects include:

Filezilla
Apache Kafka
Notepad++
PuTTY
VLC media player
FLUX TL
KeePass
7-zip
Digital Signature services (DSS)
Drupal
GNU C library (glibc)
The Symfony PHP framework
Apache Tomcat
WSO2
MidPoint.

EU is sponsoring the bug bounty programs as a part of their third edition of the Free and Open Source Software Audit project (FOSSA). Reda mentions that FOSSA project that started in 2015, was an initiative to encourage promotion of free and open source software.

“In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL.The issue made lots of people realize how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure”, mentions Reda.

People can contribute to the projects mentioned by EU by analyzing the software, and submitting any bugs or issues found in these software on bug bounty platforms such as Hackerone and Intigriti/Deloitte.

For more information, check out Julia Reda’s official blog post.