Slashdot Mirror


EU Offers Big Bug Bounties On 14 Open Source Software Projects (juliareda.eu)

Julia Reda is a member of Germany's Pirate Party, a member of the European Parliament, and the Vice-President of The Greens-European Free Alliance.

Thursday her official web site announced: In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL.... The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure.... That is why my colleague Max Andersson and I started the Free and Open Source Software Audit project: FOSSA... In 2017, the project was extended for three more years. This time, we decided to go one step further and added the carrying out of Bug Bounties on important Free Software projects to the list of measures we wanted to put in place to increase the security of Free and Open Source Software...

In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.

The bounties start at 25.000,00 € -- about $29,000 USD -- rising as high as 90.000,00 € ($103,000). "The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software," Reda writes.

The software projects for which bug bounties will be offered:
  • Filezilla
  • Apache Kafka
  • Notepad++
  • PuTTY
  • VLC Media Player
  • FLUX TL
  • KeePass
  • 7-zip
  • Digital Signature Services (DSS)
  • Drupal
  • GNU C Library (glibc)
  • PHP Symfony
  • Apache Tomcat
  • WSO2

6 of 78 comments

  1. More projects needed by rstanley · Score: 4, Insightful

    This list should be expanded to include many other projects as well, such as OpenSSH, etc...

    I applaud the EU for their efforts!!!

  2. Re:And who is going to pay for all the updates? by F.Ultra · Score: 4, Insightful

    And who do you think will pay for what happens if any of the software on that list gets hacked and compromises some governmental or commercial data? Funding research that benefits us all (or most of us) is exactly the thing that tax money should be used for.

  3. Julia Reda rocks! by Anonymous Coward · Score: 5, Insightful

    She's one of those few politicians who grok IT and software and know what matters, instead of swallowing all the nonsense lobbies throw at them.

    I've heard a couple of talks by her and really wish we had a couple more like her.

  4. Re:Choice? by ShanghaiBill · Score: 4, Insightful

    Why Filezilla, a client for a dying technology? Why Notepad++?

    Because EU institutions rely on them.

    The bounties are for the software they actually use.

    If you think they should be using something else, that is a different issue. Good luck getting an entrenched bureaucracy to change their workflow to fit your whims.

  5. Re:And who is going to pay for all the updates? by ShanghaiBill · Score: 4, Insightful

    And who is going to pay for all the resulting updates?

    European taxpayers will pay for it.

    The reasoning is that paying for bug fixes will likely be cheaper than paying for security breaches.

    I lean libertarian, yet even I see this as a good use of taxpayer euros. The bug fixes help everyone, and they are leveraging the profit motive of the private sector to make it happen.

    Disclaimer: I am not a European taxpayer.

  6. Re: Hypocrisy by Anonymous Coward · Score: 2, Insightful

    So, your argument is: if you want secure software, you have to buy 'corporate software', because open source software comes with a disclaimer?

    I can only assume you have never read the fine print of corporate software.