Slashdot Mirror
EU Offers Big Bug Bounties On 14 Open Source Software Projects (juliareda.eu)
Julia Reda is a member of Germany's Pirate Party, a member of the European Parliament, and the Vice-President of The Greens-European Free Alliance.
Thursday her official web site announced: In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL.... The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure.... That is why my colleague Max Andersson and I started the Free and Open Source Software Audit project: FOSSA... In 2017, the project was extended for three more years. This time, we decided to go one step further and added the carrying out of Bug Bounties on important Free Software projects to the list of measures we wanted to put in place to increase the security of Free and Open Source Software...
In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.
The bounties start at 25.000,00 € -- about $29,000 USD -- rising as high as 90.000,00 € ($103,000). "The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software," Reda writes.
Click through for a list of the software projects for which bug bounties will be offered.
Thursday her official web site announced: In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL.... The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure.... That is why my colleague Max Andersson and I started the Free and Open Source Software Audit project: FOSSA... In 2017, the project was extended for three more years. This time, we decided to go one step further and added the carrying out of Bug Bounties on important Free Software projects to the list of measures we wanted to put in place to increase the security of Free and Open Source Software...
In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.
The bounties start at 25.000,00 € -- about $29,000 USD -- rising as high as 90.000,00 € ($103,000). "The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software," Reda writes.
Click through for a list of the software projects for which bug bounties will be offered.
- Filezilla
- Apache Kafka
- Notepad++
- PuTTY
- VLC Media Player
- FLUX TL
- KeePass
- 7-zip
- Digital Signature Services (DSS)
- Drupal
- GNU C Library (glibc)
- PHP Symfony
- Apache Tomcat
- WSO2
Why Filezilla, a client for a dying technology?
Who says FTP is a dying technology? It serves a useful purpose. On occasion I need to download virtual machine images around 90GB in size, or larger. Filezilla + FTP is a very robust transport method. Trying to do this over HTTP will frequently run for hours (or days) and require starting over if an error occurs. FTP is also preferable to torrenting for this, since it doesn't require simultaneous uploading and lots of peers downloading the same image.
Paying to find bugs won't make much sense unless you also provide cash to fund the maintainers for additional manpower. Open source maintainers are already spending all their allotted time on maintaining the code. Simply identifying more bugs doesn't fix the manpower issue and makes their job even more difficult.
If you are identifying problems (bugs) you should also offer solutions (funding).