
European Union announces bug bounty program

The European Union is launching bug bounty programs for 14 out of 15 open source projects on which EU institutions rely.

Beginning this month, researchers will be invited to submit bugs and vulnerabilities in various projects that were previously identified as candidates in the inventories and a public survey, according to a Dec. 12, 2018 announcement from EU Member of Parliament Julia Reda.

The bug bounty categories will include: FileZilla, Apache Kafka, Notepad++, PuTTY, VLC Media Player, FLUX TL, KeePass, 7-zip, Digital Signature Services (DSS), Drupal, GNU C Library (glibc), PHP Symfony, Apache Tomcat, WSO2, and midPoint.

Payouts have ranged from 25.000,00 € for a Digital Signature Services (DSS) vulnerability to 90.000,00 € for a PuTTY vulnerability.

"The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure," Reda said in an announcement. "Like many other organisations, institutions like the European Parliament, the Council and the Commission build upon Free Software to run their websites and many other things."

The initiative stems from Reda and her colleague Max Andersson starting the Free and Open Source Software Audit project (FOSSA) between 2015 and 2016 to help ensure the security of the software. In 2017, the project was extended for three more years, as officials began considering bug bounties on important Free Software projects as a measure to increase the security of Free and Open Source Software.
