European Union Will Pay For Finding Bugs In Open Source Software – iProgrammer
The European Commission's Open Source Programme Office has decided to offer bug bounties on popular open source software. What better way of acknowledging OSS's importance than by a state-driven sponsorship?
Open Source Software powers everything, from modern servers, to IoT, to the desktops at work and, as it seems, is at the heart of European Union systems too. While this EU bug bounty initiative is welcome, it is not something new; I covered the origins of the program in 2019, see "EU Bug Bounty - Software Security as a Civil Right".
Back then the bounty was focused on OpenSSL and the Heartbleed bug. As everyone knows, OpenSSL is really the cornerstone of today's internet-based communication, and as such bugs in it compromise the very fabric of society. From the article:
It is amazing to think that the OpenSSL Software Foundation which is responsible for the maintenance of the OpenSSL library, the cornerstone of safe transactions on the Internet used by millions of websites and organizations, receives just $2000 of donation money per year and has only ONE full-time employee working on the library.
All that was revealed after the discovery of the Heartbleed bug, something that finally shook the waters and motivated the big industry names to support the foundation with proper funding.
As such the EU Bug Bounty initiative was launched as part of the Free and Open Source Software Audit (FOSSA) project, thanks to Julia Reda MEP of the EU Pirate Party, who started the project thinking that enough is enough after severe vulnerabilities were discovered in key infrastructure components like OpenSSL. This prompted her to involve the EU Commission in contributing to the security of the Internet.
Patrice-Emmanuel Schmitz, legal expert of Joinup (a venue that enables public administrations, businesses and citizens to share and reuse IT solutions and good practices across Europe) added:
Like bread and beer, free software development is not for free: developers need some incentives, let's say just the money they need for purchasing their bread and beer or for ensuring their family a decent way of life.
In order to provide these incentives, the European Commission is launching in January about 15 bug bounties on Free Software projects that the EU institutions rely on. A bug bounty is a prize for people who actively search for security issues. The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software.
Now there's another round of cybersecurity sponsorship, but under a new name - European Commission Open Source Programme Office (EC OSPO). This time the EU pays for finding security vulnerabilities in LibreOffice, LEOS, Mastodon, Odoo and CryptPad, with an added 20% bonus for providing a code fix for the bugs discovered.
This bonus is very important because, once a vulnerability has been identified and reported, in many cases the maintainers of the project are slow in getting a patch out. The bonus tries to incentivize bug hunters to propose fixes as well as find vulnerabilities, hence leading to a much shorter response time.
The criteria for choosing particular applications were based on their actual use. All of them are open source solutions used by public services across the European Union:
It seems that the security of desktop apps is considered on a par with that of the server-side kind. In some cases client-side attacks can be even more dangerous because desktop apps are consumed en masse, and when exploited it's not just some vague hacking attack happening on the Internet resulting in the leaking of credentials and personal information, but taking full control of the users' PCs, and therefore of their complete digital life.
Bug hunters are called to find security vulnerabilities such as leaks of personal data, horizontal/vertical privilege escalation and SQLi. The highest reward will be EUR 5,000 for exceptional vulnerabilities plus, as already mentioned, a 20% bonus if the fix is also provided. The bug bounty is going to be based on the Intigriti platform, which works with teams of every size, shape and industry based in Europe to secure digital assets, protect confidential information and customer data, and strengthen a responsible disclosure process.
European Commission's Open Source Programme Office starts bug bounties
EU Bug Bounty - Software Security as a Civil Right
Joinup-Software Security IS a Civil Right