EU launches bug bounty programs for 15 software

Pierluigi Paganini December 31, 2018

The European Commission decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.

Bug bounty programs are very important for the security of software and hardware, major tech firms launched their own programs to discover flaws before hackers.

The European Commission recognized the importance of bug bounty programs and decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.

The Free and Open Source Software Audit (FOSSA) covers 15 products used by the Commission, it is offering €851,000 in bounties for vulnerabilities discovered by participants.

14 bug bounty programs start in in January 2019 they will cover various products including FilezillaApache KafkaNotepad++PuTTY, and VLC Media Player. The bug bounty programs are arranged via the HackerOne platform.

Bug bounties for other nine products (FLUX TLKeePass7-zipDigital Signature Services (DSS)DrupalGNU C Library (glibc)PHP SymfonyApache Tomcat, and WSO2) are arranged through the Intigrity platform.

The first phase of the FOSSA project started in 2014, the “pilot project” phase ran over two years from 2015-2016. The project was launched between 2015-2016 at the initiative of Julia Reda, Member of European Parliament (MEP) from the Pirate Party, and Max Andersson, MEP from the Green Party

The project was renewed in 2017 for three more years including bug bounty programs to improve the security of software used.

“In 2017, the project was extended for three more years. This time, we decided to go one step further and added the carrying out of Bug Bounties on important Free Software projects to the list of measures we wanted to put in place to increase the security of Free and Open Source Software.” reads the post published by Reda.

“We also planned a series of Hackathons that will allow software developers from within the EU institutions, and developers from Free Software projects, to work more closely together and to collaborate directly on their software.” That would indeed be better, but the @EU_Commission can’t just dish out money to developers who haven’t gone through an onerous public tender process that favours large consultancies that specialize in bidding for tenders rather than Drupal development.141:33 PM – Dec 28, 2018Twitter Ads info and privacySee Julia Reda’s other TweetsTwitter Ads info and privacy

Below is the complete list of software products covered by the bug bounty programs starting 2019:

Software Project Bug Bounty Amount (Euro) Start Date End Date Bug Bounty Platform
Filezilla 58.000,00 € 07/01/2019 15/08/2019 HackerOne
Apache Kafka 58.000,00 € 07/01/2019 15/08/2019 HackerOne
Notepad++ 71.000,00 € 07/01/2019 15/08/2019 HackerOne
PuTTY 90.000,00 € 07/01/2019 15/12/2019 HackerOne
VLC Media Player 58.000,00 € 07/01/2019 15/08/2019 HackerOne
FLUX TL 34.000,00 € 15/01/2019 15/10/2019 Intigriti/Deloitte
KeePass 71.000,00 € 15/01/2019 31/07/2019 Intigriti/Deloitte
7-zip 58.000,00 € 30/01/2019 15/04/2020 Intigriti/Deloitte
Digital Signature Services (DSS) 25.000,00 € 30/01/2019 15/10/2019 Intigriti/Deloitte
Drupal 89.000,00 € 30/01/2019 15/10/2020 Intigriti/Deloitte
GNU C Library (glibc) 45.000,00 € 30/01/2019 15/12/2019 Intigriti/Deloitte
PHP Symfony 39.000,00 € 30/01/2019 15/10/2019 Intigriti/Deloitte
Apache Tomcat 39.000,00 € 30/01/2019 15/10/2019 Intigriti/Deloitte
WSO2 58.000,00 € 30/01/2019 15/04/2020 Intigriti/Deloitte
midPoint 58.000,00 € 01/03/2019 15/08/2019 HackerOne
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – bug bounty programs, cyber security)

[adrotate banner=”5″] [adrotate banner=”13″]

you might also like

leave a comment