
EU Funds Bug Bounty Programs for 14 Open Source Projects

The European Union is about to sponsor 14 bug bounty programs targeting vulnerabilities in popular open-source software projects. The announcement was made a few days ago by Julia Reda, who represents the German Pirate Party in the European Parliament.

The new bounty project is sponsored by the Free and Open Source Software Audit, or FOSSA.
So, what is the third edition of FOSSA all about, and what does it mean for security researchers?

Third Edition of FOSSA Starting in January 2019

First of all, let's look at the software projects that are part of the new bounty program. The complete list consists of 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, and WSO2. As already mentioned, the bug bounties are sponsored by the FOSSA project as part of its third edition.

The project was first started in 2015. Its initiation was triggered by the discovery of severe flaws in the OpenSSL library, such as the infamous Heartbleed vulnerability. As explained by Reda in her announcement, “the issue made lots of people realize how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure”.

As for the funding, the European Union is offering $1 million for the bug bounty programs covering the projects listed above, with rewards ranging from $25,000 to $90,000. Some of the programs will continue until the summer of 2019, and others are expected to run until the end of next year. It should be noted that the highest payments will be given for vulnerabilities in PuTTY and Drupal.

How can researchers participate?

Interested experts will be invited to submit their discoveries using the HackerOne and Deloitte's Intigriti crowdsourced security platforms.

The first edition of FOSSA took place between 2015 and 2016, and involved three major sub-projects: the establishment of an inventory of the free software used by the European Parliament, an analysis of how developers handle security, and security audits of the Apache web server and the KeePass password manager.

FOSSA 2 took place in 2017 as a bug bounty program on HackerOne specifically for the VLC Media Player app. This year FOSSA returns in its third phase, involving the 14 bug bounty programs. Security researchers will soon be able to locate and report security flaws in the open source projects. Rewards will be given to those whose reports are approved and for which patches are released.

Milena Dimitrova

Comments

Megan moyan:

I have Intel and I'm a victim. Please help.

Milena Dimitrova (Post author):

Hi Megan, what do you mean by saying you're a victim?

