EU expands open source software audit program with bug bounty
The European Parliament approved the EU budget on Thursday. Of that budget, the EU is spending 1.9 million euros to continue the Fossa project, which audits open source software. The program has also been extended with a bug bounty.
D66 MEP Marietje Schaake writes that such a program encourages the discovery of bugs and vulnerabilities in software by handing out financial rewards to researchers. A bug bounty program gets security professionals more closely involved in securing the European Union's network infrastructure. Schaake does not disclose what amounts will be awarded for finding bugs.
The Fossa program has existed for two years and was set up by MEPs Julia Reda and Max Andersson. Apart from conducting audits, which examine software for vulnerabilities, the EU is developing criteria within the program that can be used to assess the quality of open source software, according to Reda.
So far, the Fossa program has had two pieces of software audited: Apache and KeePass. The audit of the KeePass password manager has since been completed, and no critical vulnerabilities emerged. Which software receives such a source code examination is determined by means of a survey. The European Commission released the results of the previous survey in July.