FOSSA: the EU finances bug bounties for 14 open source projects

FOSSA: The European Union will fund bug bounty programs for 14 open source projects, according to EU Member Julia Reda.


The 14 projects, listed alphabetically, are well-known applications:

7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, GNU C Library (glibc), KeePass, MidPoint, Notepad++, PuTTY, PHP framework, VLC Media Player, and WSO2.

The bug bounty programs (programs that reward the discovery of bugs in application code) are funded under the third edition of the Free and Open Source Software Audit (FOSSA) project.

EU authorities first turned to FOSSA in 2015, after security researchers had discovered serious vulnerabilities in the OpenSSL library one year earlier. OpenSSL is an open source project that websites (and not only websites) use to support HTTPS connections.

"The issue has made many realize the importance of Free and Open Source Software for the integrity and reliability of the Internet and other infrastructures," Reda said in a statement.

Like many other organizations, institutions such as the European Parliament, the European Council and the European Commission rely on Free Software to operate their websites.

The first edition of FOSSA ran as a pilot between 2015 and 2016, with an initial budget of 1 million. The EU catalogued the most popular open source projects used by EU offices and officials and carried out public research to decide which ones to fund. Two projects were selected: the Apache web server and the KeePass password manager.

FOSSA 2 was held in 2017 as a bug bounty on HackerOne for VLC Media Player. The program received funding of 2 million.

Now, FOSSA returns for its third edition with budgets for 14 bug bounty programs. The highest budgets are for PuTTY and the Drupal CMS.

| Software | Funding | Start date | End date | Bug bounty platform |
|---|---|---|---|---|
| Filezilla | 58.000,00 € | 07/01/2019 | 15/08/2019 | HackerOne |
| Apache Kafka | 58.000,00 € | 07/01/2019 | 15/08/2019 | HackerOne |
| Notepad++ | 71.000,00 € | 07/01/2019 | 15/08/2019 | HackerOne |
| PuTTY | 90.000,00 € | 07/01/2019 | 15/12/2019 | HackerOne |
| VLC Media Player | 58.000,00 € | 07/01/2019 | 15/08/2019 | HackerOne |
| FLUX TL | 34.000,00 € | 15/01/2019 | 15/10/2019 | Learn / Deloitte |
| KeePass | 71.000,00 € | 15/01/2019 | 31/07/2019 | Learn / Deloitte |
| 7-zip | 58.000,00 € | 30/01/2019 | 15/04/2020 | Learn / Deloitte |
| Digital Signature Services (DSS) | 25.000,00 € | 30/01/2019 | 15/10/2019 | Learn / Deloitte |
| Drupal | 89.000,00 € | 30/01/2019 | 15/10/2020 | Learn / Deloitte |
| GNU C Library (glibc) | 45.000,00 € | 30/01/2019 | 15/12/2019 | Learn / Deloitte |
| PHP Symfony | 39.000,00 € | 30/01/2019 | 15/10/2019 | Learn / Deloitte |
| Apache Tomcat | 39.000,00 € | 30/01/2019 | 15/10/2019 | Learn / Deloitte |
| WSO2 | 58.000,00 € | 30/01/2019 | 15/04/2020 | Learn / Deloitte |
| MidPoint | 58.000,00 € | 01/03/2019 | 15/08/2019 | HackerOne |

As of January, researchers and security companies can hunt for vulnerabilities in the open source projects listed above. By reporting possible bugs in these applications, they can earn money from the EU if the errors they find are critical.


Written by giorgos
