
EU Offers Big Bug Bounties On 14 Open Source Software Projects (juliareda.eu)

Julia Reda is a member of Germany's Pirate Party, a member of the European Parliament, and the Vice-President of The Greens-European Free Alliance.

Thursday her official web site announced: In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL.... The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure.... That is why my colleague Max Andersson and I started the Free and Open Source Software Audit project: FOSSA... In 2017, the project was extended for three more years. This time, we decided to go one step further and added the carrying out of Bug Bounties on important Free Software projects to the list of measures we wanted to put in place to increase the security of Free and Open Source Software...

In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.

The bounties start at 25.000,00 € -- about $29,000 USD -- rising as high as 90.000,00 € ($103,000). "The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software," Reda writes.

Click through for a list of the software projects for which bug bounties will be offered.
  • Filezilla
  • Apache Kafka
  • Notepad++
  • PuTTY
  • VLC Media Player
  • FLUX TL
  • KeePass
  • 7-zip
  • Digital Signature Services (DSS)
  • Drupal
  • GNU C Library (glibc)
  • PHP Symfony
  • Apache Tomcat
  • WSO2

  • by rstanley ( 758673 ) on Saturday December 29, 2018 @11:40AM (#57875300)
    This list should be expanded to include many other projects as well, such as OpenSSH, etc...

    I applaud the EU for their efforts!!!
  • Julia Reda rocks! (Score:5, Insightful)

    by Anonymous Coward on Saturday December 29, 2018 @12:55PM (#57875558)

    It's one of those few politicians who grok IT and software and know what matters, instead of swallowing all the nonsense lobbies throw at them.

    I've heard a couple of talks by her and really wish we had a couple more like her.

  • Pay for Maintainers (Score:4, Interesting)

    by divide overflow ( 599608 ) on Saturday December 29, 2018 @02:35PM (#57875904)
    Paying to find bugs won't make much sense unless you also provide cash to fund the maintainers for additional manpower. Open source maintainers are already spending all their allotted time on maintaining the code. Simply identifying more bugs doesn't fix the manpower issue and makes their job even more difficult.

    If you are identifying problems (bugs) you should also offer solutions (funding).
    • Well, some bugs are hard to find; these bounties are just there to give the devs a reasonable chance of getting to hear about bugs before exploits are sold to black-hats. I don't know about you, but personally I think that is a good thing.

    • by AHuxley ( 892839 )
      Every year the EU will tax its working people some more to give away their money to "free" computer projects.
      • 1. Good for the EU. At least they understand that nothing is truly free.
        2. You can't tax people that don't have anything. That's just common sense.
        3. Consider yourself lucky that someone creates usable software and provides it freely to others including selfish people who don't appreciate its value or the effort that went into its creation.

        Happy New Year!
  • It seems strange that Drupal with 3.5% market share (globally across both public and private sector) of CMS'es is on the list and yet WordPress, which is the most dominant CMS by far, isn't on the list despite having 59.7% CMS market share (figures from W3Techs [w3techs.com]).

    Maybe the European public sector uses Drupal more than WordPress (I have no specific figures on that), but I seriously doubt it considering the 17:1 worldwide usage disparity. Or is Drupal considered less secure than WordPress and needs more fixes?

    • WordPress can hardly be considered a CMS, it is a blogging software, that's all.

    • by MS ( 18681 )

      One reason many prefer Drupal is that it is multilingual, while most other CMS are not. Multilinguality is a feature needed by many European administrations. (I do not use Drupal, but I know the problems Joomla or WordPress have with multilingual plugins.)

  • PVS-Studio and Bug Bounties on Free and Open Source Software: https://medium.com/@karpov2007... [medium.com]
  • I must be getting old, no-one else thinks of this when they hear "bug bounty"?

    https://dilbert.com/strip/1995... [dilbert.com]
