FOSSA: the EU finances bug bounties for 14 open source projects

FOSSA: The European Union will fund bug bounty programs for 14 open source projects, according to EU Member Julia Reda.


The 14 projects are well-known applications, listed alphabetically:

7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, GNU C Library (glibc), KeePass, MidPoint, Notepad++, PuTTY, PHP framework, VLC Media Player, and WSO2.

The bug bounty programs (bug-hunting programs for the application code) are funded under the third edition of the Free and Open Source Software Audit (FOSSA) project.

EU authorities first turned to FOSSA in 2015, after security researchers had discovered serious vulnerabilities in the OpenSSL library one year earlier. OpenSSL is an open source project that websites (and not only websites) use to support HTTPS connections.

"The issue has made many realize the importance of Free and Open Source Software for the integrity and reliability of the Internet and other infrastructures," Reda said in a statement.

Like many other organizations, institutions such as the European Parliament, the European Council and the European Commission rely on Free Software for the operation of their websites.

The first edition of FOSSA was piloted between 2015 and 2016, with an initial budget of 1 million. The EU inventoried the most popular open source projects used by EU offices and officials and carried out a public survey to decide which ones to fund. Two projects were selected, the Apache web server and the KeePass password manager.

FOSSA 2 ran in 2017 as a bug bounty on HackerOne for VLC Media Player. The program received funding of 2 million.

Now, FOSSA returns for its third edition with budgets for 14 bug bounty programs. The highest budgets are for PuTTY and the Drupal CMS web application.

| Software | Funding | Start | End | Bug Bounty Platform |
|---|---|---|---|---|
| Apache Kafka | 58.000,00€ | 07/01/2019 | 15/08/2019 | HackerOne |
| Notepad++ | 71.000,00€ | 07/01/2019 | 15/08/2019 | HackerOne |
| VLC Media Player | 58.000,00€ | 07/01/2019 | 15/08/2019 | HackerOne |
| FLUX TL | 34.000,00€ | 15/01/2019 | 15/10/2019 | Learn / Deloitte |
| KeePass | 71.000,00€ | 15/01/2019 | 31/07/2019 | Learn / Deloitte |
| 7-zip | 58.000,00€ | 30/01/2019 | 15/04/2020 | Learn / Deloitte |
| Digital Signature Services (DSS) | 25.000,00€ | 30/01/2019 | 15/10/2019 | Learn / Deloitte |
| Drupal | 89.000,00€ | 30/01/2019 | 15/10/2020 | Learn / Deloitte |
| GNU C Library (glibc) | 45.000,00€ | 30/01/2019 | 15/12/2019 | Learn / Deloitte |
| PHP Symfony | 39.000,00€ | 30/01/2019 | 15/10/2019 | Learn / Deloitte |
| Apache Tomcat | 39.000,00€ | 30/01/2019 | 15/10/2019 | Learn / Deloitte |
| WSO2 | 58.000,00€ | 30/01/2019 | 15/04/2020 | Learn / Deloitte |

As of January, researchers and security companies can hunt for vulnerabilities in the above open source projects. By reporting possible bugs in these applications, they can earn money from the EU if the errors they find are critical.

