European Union Will Pay For Finding Bugs In Open Source Software – iProgrammer
The European Commission's Open Source Programme Office has decided to offer bug bounties on popular open source software. What better way of acknowledging OSS's importance than by a state driven sponsorship?
Open Source Software powers everything, from modern servers, to IoT, to the desktops at work and, as it seems, is at the heart of European Union systems too. While this EU bug bounty initiative is welcome, it is not something new; I covered the origins of the program in 2019, see"EU Bug Bounty - Software Security as a Civil Right".
Back then the bounty was focused on OpenSSL and the Heartbleed bug. As everyone knows OpenSSL is really the cornerstone of todays internet-based communication and as such bugs in it compromise the very fabric of society. From the article:
It is amazing to think that the OpenSSL Software Foundation which is responsible for the maintenance of the OpenSSL library, the cornerstone of safe transactions on the Internet used by millions of websites and organizations, receives just $2000 of donation money per year and has only ONE full-time employee working on the library.
All that was revealed after the discovery of the Heartbleed bug, something that finally shook the waters and motivated the big industry names to support the foundation with proper funding.
As such the EU Bug Bounty initiative was launched as part of the Free and Open Source Software Audit (FOSSA) project, thanks to Julia Reda MEP of the EU Pirate Party, who started the project thinking that enough is enough after severe vulnerabilities were discovered in key infrastructure components like OpenSSL. This prompted her to involve the EU Commission in contributing to the security of the Internet.
Patrice-Emmanuel Schmitz, legal expert of Joinup (a venue that enables public administrations, businesses and citizens to share and reuse IT solutions and good practices across Europe)added:
Like bread and beer, free software development is not for free: developers need some incentives, lets say just the money they need for purchasing their bread and beer or for ensuring their family a decent way of life.
In order to provide these incentives, the European Commission is launching in January about 15 bug bounties on Free Software projects that the EU institutions rely on. A bug bounty is a prize for people who actively search for security issues. The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software.
Now there's another round of cybersecurity sponsorship, but under a new name - European Commission Open Source Programme Office (EC OSPO). This time the EU pays for finding security vulnerabilities in LibreOffice, LEOS, Mastodon, Odoo and CryptPad, with an added 20% bonus for providing a code fix for the bugs discovered.
This bonus is very important as once a vulnerability has been identified and reported in many cases the maintainers of the project are slow in getting a patch out. The bonus tries to incentivize bug hunters to propose fixes it as well as finding vulnerabilities, hence leading to a much shorter response time.
The criteria for choosing particular applications were based on their actual use. All of them are open source solutions used by public services across the European Union:
It seems that the security of desktop apps is considered at par with those of the server-side kind. In some cases client-side attacks can be even more dangerous because desktop apps are consumed en masse, and when exploited it's not just some vague hacking attack happening on the Internet resulting in the leaking of credentials and personal information, buttaking full control of the users' PCs, therefore of their complete digital life.
Bug hunters are called to find security vulnerabilities such as leaks of personal data, horizontal/vertical privilege escalation and SQLi. The highest reward will be EUR 5,000 for exceptional vulnerabilities plus, as already mentioned, a 20% bonus if the fix is also provided. The bug bounty is going to be based on theIntigritiplatform, whichwork with teams of every size, shape and industry based in Europe to secure digital assets, protect confidential information and customer data, and strengthen a responsible disclosure process.
European Commission's Open Source Programme Office starts bug bounties
EU Bug Bounty - Software Security as a Civil Right
Joinup-Software Security IS a Civil Right
To be informed about new articles on IProgrammer,sign up for ourweekly newsletter,subscribe to theRSSfeedandfollow us on Twitter,Facebook orLinkedin.
Make a Comment or View Existing Comments Using Disqus
or email your comment to: comments@i-programmer.info
More here:
European Union Will Pay For Finding Bugs In Open Source Software - iProgrammer
- Breakdown of European Union CountriesPlus, Other Things to Know - TravelAwaits - October 4th, 2025 [October 4th, 2025]
- Jordan and the European Union Reaffirm Commitment to Strengthening Partnership in Justice and Security - jordannews.jo - October 4th, 2025 [October 4th, 2025]
- Israel and Iran on the brink: Preventing the next war - European Union Institute for Security Studies | - October 4th, 2025 [October 4th, 2025]
- European Union's Beauty and Skin Care Market Set for Steady Growth With 5.6% CAGR in Value Terms - IndexBox - October 4th, 2025 [October 4th, 2025]
- Spain Calls for Repealing all Agreements between The European Union and Israel - - October 4th, 2025 [October 4th, 2025]
- European Union's Cosmetics Market Poised for Steady Growth With a 3.1% Volume CAGR - IndexBox - October 4th, 2025 [October 4th, 2025]
- European Union's Driving and Non-Driving Axle Market Set to Reach 2.8M Tons and $22.5B by 2035 - IndexBox - October 4th, 2025 [October 4th, 2025]
- Prime Minister Carney appoints the Honourable John Hannaford as Personal Representative to the European Union - pm.gc.ca - October 4th, 2025 [October 4th, 2025]
- European Union's Iron and Steel Tube Fitting Market Set for Steady Growth with a 2.3% CAGR in Value - IndexBox - October 4th, 2025 [October 4th, 2025]
- DOCUMENT | Note from the President of COMECE on the crisis in Gaza, Ukraine and Sudan - The Catholic Church in the European Union - October 4th, 2025 [October 4th, 2025]
- The European Union was designed for peace it is never going to be a war machine | Anand Menon - The Guardian - October 2nd, 2025 [October 2nd, 2025]
- Astria Therapeutics Now Enrolling HAE Patients in the European Union for the Phase 3 ALPHA-ORBIT Trial - Business Wire - October 2nd, 2025 [October 2nd, 2025]
- EIOPA Raises Concerns Over Proposed European Union Climate-Reporting Scope Reduction - JD Supra - October 2nd, 2025 [October 2nd, 2025]
- China, India, and the European Union Grapple with Critical Labor Shortages That Could Halt the Explosive Growth of the Global Travel and Tourism... - October 2nd, 2025 [October 2nd, 2025]
- It's official - this is the new method they will implement to access the European Union that affects all those arriving from abroad from October 12 -... - October 2nd, 2025 [October 2nd, 2025]
- Foreign direct investment screening in Australia, the United States, the United Kingdom, Japan and the European Union: recent reforms - United States... - October 2nd, 2025 [October 2nd, 2025]
- Russian Foreign Minister Says NATO and the European Union Declared War on Russia - finchannel - September 30th, 2025 [September 30th, 2025]
- Tanzanian Defence Attach visits the European Union Military Assistance Mission - EEAS - September 30th, 2025 [September 30th, 2025]
- European Union's Borates Market Set for Growth to 565K Tons and $459M by 2035 - IndexBox - September 28th, 2025 [September 28th, 2025]
- European Union's Asphalt and Bitumen Market Set for Steady Growth with a 0.6% Volume CAGR Through 2035 - IndexBox - September 28th, 2025 [September 28th, 2025]
- European Union's X-Ray Tube Market Forecast Shows Slowing Growth with +0.7% Volume CAGR to 2035 - IndexBox - September 28th, 2025 [September 28th, 2025]
- European Union explores investment and cooperation in Tamaulipas - MEXICONOW - September 28th, 2025 [September 28th, 2025]
- European Union and Russia battle over Moldova in elections that could define the future of both blocs - Gamereactor UK - September 28th, 2025 [September 28th, 2025]
- Russia was not admitted to the Council of the International Civil Aviation Organization the European Union resisted - - September 28th, 2025 [September 28th, 2025]
- European Union Would Like Old Cars To Be Inspected More Frequently - Technology Org - September 25th, 2025 [September 25th, 2025]
- European Union looks to drive down U.S. tariffs on steel and aluminum - Washington Times - September 25th, 2025 [September 25th, 2025]
- Video Trump tells European Union nations: 'Your countries are going to hell' - ABC News - Breaking News, Latest News and Videos - September 23rd, 2025 [September 23rd, 2025]
- Invitation: The European Media Freedom Act: a panacea for press freedom in Czechia, Germany and the European Union? - European Centre for Press and... - September 23rd, 2025 [September 23rd, 2025]
- Joint communiqu - sixth trilateral meeting of the African Union, the European Union and the United Nations, New York, 21 September 2025 - EEAS - September 23rd, 2025 [September 23rd, 2025]
- Apple continues to clash with European Union regulations - MarketScreener - September 23rd, 2025 [September 23rd, 2025]
- The European Union and @_AfricanUnion strongly support the @UN, the backbone of our rules-based order. We are joining forces for peace, stability, and... - September 23rd, 2025 [September 23rd, 2025]
- ASSEMBLY | Strengthening Europes mission: EU bishops to convene in Brussels on 1-3 October - The Catholic Church in the European Union - September 23rd, 2025 [September 23rd, 2025]
- European Union's Calcined and Sintered Dolomite Market Set for Modest Growth to 2.3 Million Tons and $654 Million by 2035 - IndexBox - September 23rd, 2025 [September 23rd, 2025]
- Athletes at inaugural Special Olympics European Union day to champion inclusion at the heart of Europe - The International Platform on Sport and... - September 23rd, 2025 [September 23rd, 2025]
- The European Union supports the digital transformation and reform of public administration in Bosnia and Herzegovina - European Newsroom - September 21st, 2025 [September 21st, 2025]
- Finnish President: The European Union Will Not Consider Russia's Interests When Formulating Security Guarantees for Ukraine - tesaaworld.com - September 21st, 2025 [September 21st, 2025]
- European Union's Fireclay Market Poised for Steady Growth with 2.7% CAGR in Value Through 2035 - IndexBox - September 21st, 2025 [September 21st, 2025]
- The European Union Welcomes the Raising of the Syrian Flag in Washington - tesaaworld.com - September 21st, 2025 [September 21st, 2025]
- Toukan: The European Union Is One of Jordans Most Important Development Partners - jordannews.jo - September 21st, 2025 [September 21st, 2025]
- TRYNGOLZA (olezarsen) approved in the European Union for familial chylomicronemia syndrome (FCS) - Yahoo Finance - September 19th, 2025 [September 19th, 2025]
- EVENT | "AI and Human Trafficking: threats, tools and legal frontiers Conference at the European Parliament, 30 September. Registration now open... - September 19th, 2025 [September 19th, 2025]
- The European Union announced a meeting on new sanctions against Russia - - - September 19th, 2025 [September 19th, 2025]
- Andreas Knne is the new Ambassador of the European Union to Switzerland - EEAS - September 19th, 2025 [September 19th, 2025]
- European Union's Diesel-Electric Locomotive Market Poised for Steady Growth with 1.4% CAGR Through 2035 - IndexBox - September 19th, 2025 [September 19th, 2025]
- European Union Chamber of Commerce in China urges Beijing to address cutthroat competition, price wars, and rare earth issues - DIGITIMES Asia - September 19th, 2025 [September 19th, 2025]
- European Union's Safflower Seed Market Poised for Steady Growth with 3.5% CAGR in Value Through 2035 - IndexBox - September 17th, 2025 [September 17th, 2025]
- European Union's Magnesite Market Poised for Steady Growth with 2% CAGR Through 2035 - IndexBox - September 17th, 2025 [September 17th, 2025]
- European Union's Nitrites Market Poised for Steady Growth with 2.4% CAGR in Value - IndexBox - September 17th, 2025 [September 17th, 2025]
- The Exotic Pet Trade Harms Animals and Humans. The European Union Is Studying a Potential Solution - The Revelator - September 15th, 2025 [September 15th, 2025]
- In July, price for wood pellets imported to European Union contracts 8% - lesprom.com - September 15th, 2025 [September 15th, 2025]
- Discover Ukraines path to the European Union in the new Euroquiz! - EU NEIGHBOURS east - September 13th, 2025 [September 13th, 2025]
- Microsoft resolves European Union probe into Teams - The Killeen Daily Herald - September 13th, 2025 [September 13th, 2025]
- How are microplastics regulated in the UK and European Union? - Fieldfisher - September 13th, 2025 [September 13th, 2025]
- European Union and its member States should take measures to respond to Georgias crackdown on civil society and human rights organisations - fidh.org - September 11th, 2025 [September 11th, 2025]
- What Is In The State Of The European Union 2025 For The Tech Sector? - Access Partnership - September 11th, 2025 [September 11th, 2025]
- The Sound of Economics Live: The State of the European Union 2025 - Bruegel - September 11th, 2025 [September 11th, 2025]
- Webull Launches in the European Union, Debuting Retail Investment Platform in the Netherlands - PR Newswire - September 9th, 2025 [September 9th, 2025]
- How Do Citizens See the Future of the European Union? - Hungarian Conservative - September 9th, 2025 [September 9th, 2025]
- Global Gateway: The European Union to invest close to 300 million in the Pacific - EU Reporter - September 9th, 2025 [September 9th, 2025]
- Russia jeopardizes nuclear safety and IAEA monitoring work European Union - Ukrinform - September 9th, 2025 [September 9th, 2025]
- Treasury secretary says U.S. and European Union must partner to 'collapse' Russian economy - - September 9th, 2025 [September 9th, 2025]
- European Union's preserved sardines market to grow at a steady 0.7% CAGR through 2035, driven by sustained demand, reaching 157K tons. - IndexBox - September 9th, 2025 [September 9th, 2025]
- Palestine recognition: the principle the EU has been stuck on for decades | European Union - The Guardian - September 6th, 2025 [September 6th, 2025]
- Google hit with $3.5 billion fine from European Union in ad-tech antitrust case - AP News - September 6th, 2025 [September 6th, 2025]
- Google hit with massive fine from European Union in ad-tech antitrust case - France 24 - September 6th, 2025 [September 6th, 2025]
- Google hit with $3.5 billion fine from European Union in ad-tech antitrust case - ABC News - September 6th, 2025 [September 6th, 2025]
- Ukraine opens its first railway line with European track width standard, boosting the countrys integration with the European Union - Enlargement and... - September 6th, 2025 [September 6th, 2025]
- China to impose temporary duties on European Union pork imports - Le Monde.fr - September 6th, 2025 [September 6th, 2025]
- Google hit with $3.5 billion fine from European Union in ad-tech antitrust case - The Independent - September 6th, 2025 [September 6th, 2025]
- Google hit with $3.5 billion fine from European Union in ad-tech antitrust case - El Paso Inc. - September 6th, 2025 [September 6th, 2025]
- European Union's flat hot-rolled steel in coils market, forecast to grow at a 3.0% CAGR through 2035, is driven by sustained demand to reach $32.3B. -... - September 6th, 2025 [September 6th, 2025]
- European Union's hot-rolled steel bar and rod market to grow at a CAGR of +1.7%, driven by rising demand, reaching 34M tons by 2035. - IndexBox - September 6th, 2025 [September 6th, 2025]
- Google hit with $3.5 billion fine from European Union in ad-tech antitrust case - Bakersfield.com - September 6th, 2025 [September 6th, 2025]
- Google hit with $3.5 billion fine from European Union in ad-tech antitrust case - Caledonian Record - September 6th, 2025 [September 6th, 2025]
- Google hit with $3.5 billion fine from European Union in ad-tech antitrust case - Castanet - September 6th, 2025 [September 6th, 2025]
- European Union's Ready-Mixed Concrete and Factory Made Mortars Market to Expand at a CAGR of +1.1% through 2035 - IndexBox - September 5th, 2025 [September 5th, 2025]
- European Union's Base Metal Padlocks Market to Grow at a CAGR of +1.1% from 2024 to 2035, Reaching $364M by End of Forecast Period - IndexBox - September 5th, 2025 [September 5th, 2025]
- European Union's cored arc-welding wire market projected to experience slight growth, with CAGR of +1.4% from 2024 to 2035 - IndexBox - September 5th, 2025 [September 5th, 2025]
- Drought and doubts: can the European Union help Greece and other thirsty Member States? - Yahoo News UK - September 3rd, 2025 [September 3rd, 2025]
- Eurobarometer: Czechs Have Least Positive View of European Union of All Member States - Brno Daily - September 3rd, 2025 [September 3rd, 2025]