FOSSA: the EU finances bug bounties for 14 open source projects
FOSSA: The European Union will fund bug bounty programs for 14 open source projects, according to Member of the European Parliament Julia Reda.
The projects, listed alphabetically, are all well-known applications:
7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, FileZilla, FLUX TL, GNU C Library (glibc), KeePass, MidPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, and WSO2.
The bug bounty programs (rewards paid to researchers who report security bugs in the application code) are funded under the third edition of the Free and Open Source Software Audit (FOSSA) project.
The EU first launched FOSSA in 2015, one year after security researchers had discovered serious vulnerabilities in the OpenSSL library, an open source project that websites (and many other systems) use to support HTTPS connections.
"The issue has made many realize the importance of Free and Open Source Software for the integrity and reliability of the Internet and other infrastructures," Reda said in a statement.
Like many other organizations, institutions such as the European Parliament, the European Council and the European Commission rely on Free Software to run their websites.
The first edition of FOSSA was piloted between 2015 and 2016 with an initial budget of €1 million. The EU inventoried the open source projects most used by EU offices and officials and ran a public survey to decide which ones to fund. Two projects were selected: the Apache web server and the KeePass password manager.
FOSSA 2 followed in 2017 with a bug bounty on HackerOne for VLC Media Player. That program received €2 million in funding.
Now FOSSA returns for its third edition with budgets for 14 bug bounty programs. The largest budgets go to PuTTY and the Drupal CMS. The table below (which in this copy omits several of the projects named above, including PuTTY) lists budget, start and end dates, and the platform hosting each program.
| Software | Budget | Start (DD/MM/YYYY) | End (DD/MM/YYYY) | Bug bounty platform |
|---|---|---|---|---|
| Notepad++ | €71,000 | 07/01/2019 | 15/08/2019 | HackerOne |
| VLC Media Player | €58,000 | 07/01/2019 | 15/08/2019 | HackerOne |
| FLUX TL | €34,000 | 15/01/2019 | 15/10/2019 | Intigriti / Deloitte |
| KeePass | €71,000 | 15/01/2019 | 31/07/2019 | Intigriti / Deloitte |
| 7-zip | €58,000 | 30/01/2019 | 15/04/2020 | Intigriti / Deloitte |
| Digital Signature Services (DSS) | €25,000 | 30/01/2019 | 15/10/2019 | Intigriti / Deloitte |
| Drupal | €89,000 | 30/01/2019 | 15/10/2020 | Intigriti / Deloitte |
| GNU C Library (glibc) | €45,000 | 30/01/2019 | 15/12/2019 | Intigriti / Deloitte |
| PHP Symfony | €39,000 | 30/01/2019 | 15/10/2019 | Intigriti / Deloitte |
| Apache Tomcat | €39,000 | 30/01/2019 | 15/10/2019 | Intigriti / Deloitte |
| WSO2 | €58,000 | 30/01/2019 | 15/04/2020 | Intigriti / Deloitte |
From January 2019, researchers and security companies can hunt for vulnerabilities in the open source projects above. By reporting bugs in these applications they can earn money from the EU, provided the bugs they find are severe enough to qualify for a reward.