EU puts up bug bounties to find flaws in open source software
MANILA, Philippines – The European Union (EU) has put up a bug bounty for security researchers to spot flaws in the open source software used by the regional bloc.
In a post on her website, European Parliament member Julia Reda of Germany said the bounty to be launched in 2019 by the European Commission – the EU's executive branch – will cover a total of 15 free and open source software projects "that the EU institutions rely on."
The first 14 software projects in the bug bounty are listed below, along with the dates in January 2019 when the public can start submitting bugs or vulnerabilities through either the HackerOne or the Intigriti/Deloitte platform:
- FileZilla, Apache Kafka, Notepad++, PuTTY, and VLC Media Player – starting January 7, 2019
- FLUX TL and KeePass – starting January 15, 2019
- 7-Zip, Digital Signature Services (DSS), Drupal, GNU C Library (glibc), PHP Symfony, Apache Tomcat, and WSO2 – starting January 30, 2019
Another piece of software, midPoint, will be opened for bug bounty hunters beginning March 1.
The end dates for these bounties differ for each piece of software, from as early as July 2019 (for KeePass) to as late as October 2020 (for Drupal).
Reda said the amount of the bounty "depends on the severity of the issue uncovered and the relative importance of the software." It ranges from 25,000 euro to 90,000 euro (or from P1.5 million to P5.4 million*).
Reda added that this initiative was part of the Free and Open Source Software Audit (FOSSA) project she spearheaded along with fellow European Parliament member Max Andersson of Sweden. – Michael Bueza/Rappler.com
* 1 euro = P60.12