European Union Will Pay For Finding Bugs In Open Source Software – iProgrammer
The European Commission's Open Source Programme Office has decided to offer bug bounties on popular open source software. What better way of acknowledging OSS's importance than by a state driven sponsorship?
Open Source Software powers everything, from modern servers, to IoT, to the desktops at work and, as it seems, is at the heart of European Union systems too. While this EU bug bounty initiative is welcome, it is not something new; I covered the origins of the program in 2019, see"EU Bug Bounty - Software Security as a Civil Right".
Back then the bounty was focused on OpenSSL and the Heartbleed bug. As everyone knows OpenSSL is really the cornerstone of todays internet-based communication and as such bugs in it compromise the very fabric of society. From the article:
It is amazing to think that the OpenSSL Software Foundation which is responsible for the maintenance of the OpenSSL library, the cornerstone of safe transactions on the Internet used by millions of websites and organizations, receives just $2000 of donation money per year and has only ONE full-time employee working on the library.
All that was revealed after the discovery of the Heartbleed bug, something that finally shook the waters and motivated the big industry names to support the foundation with proper funding.
As such the EU Bug Bounty initiative was launched as part of the Free and Open Source Software Audit (FOSSA) project, thanks to Julia Reda MEP of the EU Pirate Party, who started the project thinking that enough is enough after severe vulnerabilities were discovered in key infrastructure components like OpenSSL. This prompted her to involve the EU Commission in contributing to the security of the Internet.
Patrice-Emmanuel Schmitz, legal expert of Joinup (a venue that enables public administrations, businesses and citizens to share and reuse IT solutions and good practices across Europe)added:
Like bread and beer, free software development is not for free: developers need some incentives, lets say just the money they need for purchasing their bread and beer or for ensuring their family a decent way of life.
In order to provide these incentives, the European Commission is launching in January about 15 bug bounties on Free Software projects that the EU institutions rely on. A bug bounty is a prize for people who actively search for security issues. The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software.
Now there's another round of cybersecurity sponsorship, but under a new name - European Commission Open Source Programme Office (EC OSPO). This time the EU pays for finding security vulnerabilities in LibreOffice, LEOS, Mastodon, Odoo and CryptPad, with an added 20% bonus for providing a code fix for the bugs discovered.
This bonus is very important as once a vulnerability has been identified and reported in many cases the maintainers of the project are slow in getting a patch out. The bonus tries to incentivize bug hunters to propose fixes it as well as finding vulnerabilities, hence leading to a much shorter response time.
The criteria for choosing particular applications were based on their actual use. All of them are open source solutions used by public services across the European Union:
It seems that the security of desktop apps is considered at par with those of the server-side kind. In some cases client-side attacks can be even more dangerous because desktop apps are consumed en masse, and when exploited it's not just some vague hacking attack happening on the Internet resulting in the leaking of credentials and personal information, buttaking full control of the users' PCs, therefore of their complete digital life.
Bug hunters are called to find security vulnerabilities such as leaks of personal data, horizontal/vertical privilege escalation and SQLi. The highest reward will be EUR 5,000 for exceptional vulnerabilities plus, as already mentioned, a 20% bonus if the fix is also provided. The bug bounty is going to be based on theIntigritiplatform, whichwork with teams of every size, shape and industry based in Europe to secure digital assets, protect confidential information and customer data, and strengthen a responsible disclosure process.
European Commission's Open Source Programme Office starts bug bounties
EU Bug Bounty - Software Security as a Civil Right
Joinup-Software Security IS a Civil Right
To be informed about new articles on IProgrammer,sign up for ourweekly newsletter,subscribe to theRSSfeedandfollow us on Twitter,Facebook orLinkedin.
Make a Comment or View Existing Comments Using Disqus
or email your comment to: comments@i-programmer.info
More here:
European Union Will Pay For Finding Bugs In Open Source Software - iProgrammer
- Rare earth access is the European Union's priority at China summit - Reuters - June 20th, 2025 [June 20th, 2025]
- Germany, Italy, Netherlands, Spain, Czech Republic, Denmark and Twenty One Countries in European Union Threatening to Suspend Israel Schengen Visa... - June 20th, 2025 [June 20th, 2025]
- European Union's Lifts and Elevators Market to Grow at a CAGR of +0.9% through 2035, Expected to Reach 665K Units - IndexBox - June 20th, 2025 [June 20th, 2025]
- European Union's Packaging Machinery Market to Increase at a CAGR of +2.2% Reaching $6.3B by 2035 - IndexBox - June 20th, 2025 [June 20th, 2025]
- The European Union announced the rejection of Russian gas at the wrong time: the price is approaching $ 500 - EADaily - June 20th, 2025 [June 20th, 2025]
- The European Union Watches from the Sidelines - inss.org.il - June 20th, 2025 [June 20th, 2025]
- How is disinformation addressed in the member states of the European Union? 27 country cases - EDMO.eu - June 18th, 2025 [June 18th, 2025]
- Literature review on actors of disinformation in the European Union - EDMO.eu - June 18th, 2025 [June 18th, 2025]
- Akriila and the European Union collaborate to give voice to Chiles clean energy future in new track The Power - EEAS - June 18th, 2025 [June 18th, 2025]
- Israel/Iran: Statement by the High Representative on behalf of the European Union - consilium.europa.eu - June 18th, 2025 [June 18th, 2025]
- Trump Drops Papers He Just Signed and Mistakenly Refers to the U.K. as The European Union - Mediaite - June 18th, 2025 [June 18th, 2025]
- In April, imports of plywood to European Union increase 5% - lesprom.com - June 18th, 2025 [June 18th, 2025]
- European Union warns of retaliation over Trumps steel tariff hike - The Indian Express - June 1st, 2025 [June 1st, 2025]
- News: NATO and the European Union unite for Ukraine at a NAC - PSC meeting, 28-May.-2025 - NATO - Homepage - June 1st, 2025 [June 1st, 2025]
- Its Time for Israel To Join the European Union - The Media Line - June 1st, 2025 [June 1st, 2025]
- Beijing-based Ambassadors of the European Political Community (EPC) met at the European Union Delegation to China - EEAS - June 1st, 2025 [June 1st, 2025]
- Tech tariffs? A brewing conflict with the European Union and within the Trump administration - Washington Examiner - June 1st, 2025 [June 1st, 2025]
- European Union on its way to reach a 54% GHG emissions reduction by 2030 - Enerdata - June 1st, 2025 [June 1st, 2025]
- Trump Advisor Jason Miller Warns of the Threat European Union Poses to Free Speech - floridianpress.com - June 1st, 2025 [June 1st, 2025]
- Trump says trade negotiations to begin soon between U.S. and European Union - MSNBC News - June 1st, 2025 [June 1st, 2025]
- European Union accuses TikTok of breaching digital rules with lack of transparency on ads - AP News - May 15th, 2025 [May 15th, 2025]
- What should the European Union aim for in a trade deal with Trump? - Bruegel - May 15th, 2025 [May 15th, 2025]
- European Union accuses TikTok of breaching digital rules with lack of transparency on ads - Ottumwa Courier - May 15th, 2025 [May 15th, 2025]
- European Union election observation mission publishes its final report with 19 recommendations; genuine political will needed to reinforce democratic... - May 15th, 2025 [May 15th, 2025]
- Digital Anonymity in Danger! What is the European Union deciding? - Red Hot Cyber - May 15th, 2025 [May 15th, 2025]
- The European Union and the United States reach an agreement to enhance trade talks - - May 15th, 2025 [May 15th, 2025]
- EU and UK at loggerheads over fishing rights and youth mobility | European Union - The Guardian - May 15th, 2025 [May 15th, 2025]
- European Union agrees on 17th sanction package against Russia (VGK:NYSEARCA) - Seeking Alpha - May 14th, 2025 [May 14th, 2025]
- The European Union celebrates Europe Day 2025 with the exhibition Panama and Europe: routes that connect - EEAS - May 14th, 2025 [May 14th, 2025]
- European Union's Nails and Staples Market Expected to Grow at CAGR of +0.9% Over Next Decade - IndexBox - May 14th, 2025 [May 14th, 2025]
- Gavin Willsey reaches milestone at the Midwest Model European Union competition - Stephen F. Austin State University - May 10th, 2025 [May 10th, 2025]
- Europe Day NYC: Celebrating 75 years of the European Union, from vision to reality - EEAS - May 10th, 2025 [May 10th, 2025]
- Meet the MEP who wants to bring Canada into the European Union - Euronews.com - May 10th, 2025 [May 10th, 2025]
- European Union: The European Commission's action plan to drive innovation, sustainability and competitiveness in the automotive sector - Global... - May 10th, 2025 [May 10th, 2025]
- European Union launches $566 million drive to attract researchers scared off by Trump moves on science and universities - Fortune - May 10th, 2025 [May 10th, 2025]
- Georgians Risk Losing Their Visa-Free Travel Privileges To The European Union Amid Growing Tensions - Travel And Tour World - May 10th, 2025 [May 10th, 2025]
- The Delegation of the European Union to the Republic of Korea Marking Europe Day 2025 under the Theme "Partnering for Peace and Security" -... - May 10th, 2025 [May 10th, 2025]
- 'We call on the European Union to endorse a confederation of the states of Israel and Palestine in one homeland' - Le Monde.fr - May 3rd, 2025 [May 3rd, 2025]
- The European Union does not plan to participate in the settlement of the conflict on Ukraine - EADaily - May 3rd, 2025 [May 3rd, 2025]
- European Union's Soybean Oil Market to Grow at a CAGR of +0.8% Over the Next Decade - IndexBox - May 3rd, 2025 [May 3rd, 2025]
- European Union's Methanol Market to Exhibit Slow Growth with CAGR of +0.2% through 2035 - IndexBox - May 3rd, 2025 [May 3rd, 2025]
- European Union's Alumina Market to Reach 7.1M Tons and $4.8B by 2035 - IndexBox - May 3rd, 2025 [May 3rd, 2025]
- European Union's Stranded Wire, Ropes and Cables Market to Reach 1.6M Tons and $6.6B by 2035 - IndexBox - May 3rd, 2025 [May 3rd, 2025]
- European Union's Frozen Potatoes Market to Witness Strong Growth with CAGR of +5.7% from 2024 to 2035 - IndexBox - May 3rd, 2025 [May 3rd, 2025]
- The European Union just issued a dire warning to its 450 million citizens: Stockpile supplies and prepare for disaster - Fortune - March 26th, 2025 [March 26th, 2025]
- The European Union is preparing for war and is calling for emergency reserves in every home - CiberCuba - March 26th, 2025 [March 26th, 2025]
- The European Union rejected Russias demand for a ceasefire in exchange for lifting sanctions - - March 26th, 2025 [March 26th, 2025]
- Exclusive | European Union to slap Meta with fine up to $1B or more for breaching strict antitrust rules: sources - New York Post - March 26th, 2025 [March 26th, 2025]
- Peter Rough sat down with Kaja Kallas, European Union high representative for foreign affairs and security policy and European Commission vice... - March 26th, 2025 [March 26th, 2025]
- Court of Justice of the European Union: Member states representatives appoint thirteen judges to the General Court - consilium.europa.eu - March 26th, 2025 [March 26th, 2025]
- When the European Union wants to get back to basics - Marketscreener.com - March 26th, 2025 [March 26th, 2025]
- The European Union urges citizens to stockpile supplies to last 3 days in case of crisis - Goshen News - March 26th, 2025 [March 26th, 2025]
- The European Union urges citizens to stockpile supplies to last 3 days in case of crisis - Oil City Derrick - March 26th, 2025 [March 26th, 2025]
- European Union's Transmission Shafts and Cranks Market Expected to Slightly Increase with a CAGR of +0.3% over the Next Decade - IndexBox, Inc. - March 26th, 2025 [March 26th, 2025]
- New European Union Plan To Boost Local Arms Production Would Freeze U.S. Out Of Billions - The War Zone - March 26th, 2025 [March 26th, 2025]
- European Union's Roasted Coffee Market to See Continued Growth with +0.6% CAGR by 2035 - IndexBox, Inc. - March 26th, 2025 [March 26th, 2025]
- EU Penalizes RPM And Other Vertical Conduct Violations - Cartels, Monopolies - European Union - Mondaq News Alerts - March 26th, 2025 [March 26th, 2025]
- European Union's Toilet Paper Market to Reach $27.1B by 2035 with +0.5% CAGR - IndexBox, Inc. - March 26th, 2025 [March 26th, 2025]
- European Union Delays Retaliatory Tariffs On U.S. ProductsIncluding Whiskey - Forbes - March 20th, 2025 [March 20th, 2025]
- ICC President visits Brussels, urges European Union to take immediate action to protect the Court - the International Criminal Court - March 20th, 2025 [March 20th, 2025]
- The European Sting is Your democratic, independent and top quality political newspaper specialized in European Union News. Unique Features: iSting... - March 20th, 2025 [March 20th, 2025]
- The Prime Minister of Slovakia supported Ukraine's integration into the European Union - Eurasia Daily - March 20th, 2025 [March 20th, 2025]
- Trump reacts to European Union slapping tariffs on U.S. goods - CBS News - March 13th, 2025 [March 13th, 2025]
- Rxulti approved in the European Union for adolescent schizophrenia - PharmaTimes - March 13th, 2025 [March 13th, 2025]
- European Union Responds With Tariffs on Soybeans, Other Ag Exports - DTN The Progressive Farmer - March 13th, 2025 [March 13th, 2025]
- European Union retaliates with tariffs on $28 billion U.S. products - RFD-TV - March 13th, 2025 [March 13th, 2025]
- Donald Trump threatens European Union with 200% tariffs on specific goods if they dont remove nasty tax - UNILAD - March 13th, 2025 [March 13th, 2025]
- Canada and the European Union announce retaliatory tariffs against the United States - KREM.com - March 13th, 2025 [March 13th, 2025]
- Commission decides to refer SPAIN to the Court of Justice of the European Union due to discriminatory tax treatment of non-resident taxpayers - The... - March 13th, 2025 [March 13th, 2025]
- European Union hits back with counter tariffs on US goods - USA TODAY - March 13th, 2025 [March 13th, 2025]
- Trade Wars: European Union Retaliates Against U.S. Tariffs on Steel and Aluminum - TipRanks - March 13th, 2025 [March 13th, 2025]
- Commission hosts event to gather input and expertise on upcoming European Water Resilience Strategy - European Union - March 7th, 2025 [March 7th, 2025]
- UNESCO and the European Union Promote Training in Creative Tourism in the Caribbean - UNESCO - March 7th, 2025 [March 7th, 2025]
- The Interests of the European Union and the United States Are Diverging - Modern Diplomacy - March 7th, 2025 [March 7th, 2025]
- Tunisia: Call for the European Union to send international observers to the so-called "conspiracy" trial - FIDH - March 7th, 2025 [March 7th, 2025]
- European Union Blasts Trump Tariff Threats as Starmer Visits White House - Newsweek - February 27th, 2025 [February 27th, 2025]
- Trump vows to slap 25% tariffs on the European Union - FRANCE 24 English - February 27th, 2025 [February 27th, 2025]
- Trump vows to impose 25% tariffs on imports from the European Union - The Associated Press - February 27th, 2025 [February 27th, 2025]
- Trump says tariff level will be 25% on European Union products - Le Monde - February 27th, 2025 [February 27th, 2025]
- EU reaffirms unwavering support to Ukraine on anniversary of invasion - European Union - February 27th, 2025 [February 27th, 2025]