EU to fund bug bounty programs to delouse open source projects

According to EU Member of Parliament Julia Reda, the European Commission is launching fifteen bug bounty programs to support free and open source software. The bounties are part of the third edition of the Free and Open Source Software Audit (FOSSA) project, which aims to make the Internet safer and more reliable.

One of the first projects to get EU cash is OpenSSL.

“Since OpenSSL is also very important for the encryption of Internet traffic, it is also highly relevant to the protection of your personal communication, or your payment details when you’re shopping online,” said Reda.

“The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure. Like many other organizations, institutions like the European Parliament, the Council and the Commission build upon Free Software to run their websites and many other things. But the Internet is not only crucial to our economy and our administration. It is the infrastructure that runs our everyday lives. It is the means we use to retrieve information and to be politically active,” she said.

How much can a do-good hacker get for cybersleuthing for the EU? The rewards range from €17,000 to €90,000, and the exact amount “depends on the severity of the issue uncovered and the relative importance of the software,” Reda says.

The full list of projects includes 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, FileZilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, and WSO2. Given the popularity of open source in the crypto ecosystem, this rising tide should lift all boats.