EU Offers Big Bug Bounties On 14 Open Source Software Projects (juliareda.eu)
Julia Reda is a member of Germany's Pirate Party, a member of the European Parliament, and the Vice-President of The Greens-European Free Alliance.
Thursday her official web site announced: In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL.... The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure.... That is why my colleague Max Andersson and I started the Free and Open Source Software Audit project: FOSSA... In 2017, the project was extended for three more years. This time, we decided to go one step further and added the carrying out of Bug Bounties on important Free Software projects to the list of measures we wanted to put in place to increase the security of Free and Open Source Software...
In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.
The bounties start at 25.000,00 € -- about $29,000 USD -- rising as high as 90.000,00 € ($103,000). "The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software," Reda writes.
Click through for a list of the software projects for which bug bounties will be offered.
- Filezilla
- Apache Kafka
- Notepad++
- PuTTY
- VLC Media Player
- FLUX TL
- KeePass
- 7-zip
- Digital Signature Services (DSS)
- Drupal
- GNU C Library (glibc)
- PHP Symfony
- Apache Tomcat
- WSO2
at its finest.
OK, let's paint the big picture here.
The E.U. just prints money. Every "green", "OSS", or any similar move that they've done, has been initiated because they wanted to absorb a buttload of money.
e.g. there are many members of the E.U. parliament, with ties to "green" companies, that have been getting money for many years due to their "green" operations.
Now, what's this "initiative"? This is probably the same high corruption scum. These projects could've been funded, with manpower ofc, not direct funding, in order to help free s/w. A 90k bounty for a bug doesn't solve the problem.
A 2 year contract for a graduate with 90k in total, could've benefited such projects to a greater extent by just fixing a bug. You could help a graduate start filling his CV, you could give manpower to projects that need it and in the end those people could fix critical bugs, non-critical ones and even contribute more features.
Bug bounty hunting for non-corporate s/w is wasteful and doesn't help neither (is this considered a double negative?) the project that much, nor contributes back to developers who want to work on it but don't have the experience to deal with those bugs *in-time*.
Wonder if that "free" from the EU comes with some new "free" regulations too?
Domestic spying is now "Benign Information Gathering"