EU to fund bug bounties

Ethical hackers could earn up to $100,000 if they can spot vulnerabilities in the free open source software used by the European Union

code syntax on laptop

The European Union (EU) has set up a bug bounty for 15 applications to help uncover security flaws in the most popular free and open source software on the web.

Bug bounties are a prize for people who actively search for security issues and the EU is calling on ethical hackers and developers to help find vulnerabilities in the open source projects it relies on.

The initiative was announced by Julia Reda, a member of the European Pirate Party and the co-founder of The Free and Open Source Software Audit Project (FOSSA), and will see the EU fund 15 bug bounties ranging from $30,000 to $100,000 depending on the software in question and the size of the vulnerability.

The FOSSA project started in 2014 to help improve the overall security of the internet after serious vulnerabilities were found. One of the issues found was in the Open Source encryption library OpenSSL.

"The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure," Reda said. "Like many other organisations, institutions like the European Parliament, the Council and the Commission build upon Free Software to run their websites and many other things.

"But the Internet is not only crucial to our economy and our administration. It is the infrastructure that runs our everyday lives. It is the means we use to retrieve information and to be politically active."

A list of the open source projects - courtesy of Julia Reda's EU profile page

In January the European Commission will launch 14 out of the total 15 bug bounties on free software projects that the EU institutions rely on. The software projects chosen include Filezilla, Apache Kafka and Drupal and were identified as candidates during a public survey.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Golang XML parser vulnerability could enable SAML authentication bypass
vulnerability

Golang XML parser vulnerability could enable SAML authentication bypass

15 Dec 2020
How to automate your infrastructure with Ansible
automation

How to automate your infrastructure with Ansible

2 Dec 2020
The IT Pro Podcast: What COVID-19 can teach us about open data
Data & insights

The IT Pro Podcast: What COVID-19 can teach us about open data

30 Oct 2020
Windows XP source code allegedly leaked online
Microsoft Windows

Windows XP source code allegedly leaked online

25 Sep 2020

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021