More bug bounties and a hackathon in the next stage of EU FOSSA

What can we do for the security of open source software? This was the question after the Heartbleed bug shocked the world, revealing a serious vulnerability in the widely used OpenSSL library. With the help of Members of the European Parliament, DG Informatics is addressing the issue through a number of actions in the EU-FOSSA pilot project.


date:  09/02/2018

The objective of EU-FOSSA is to try different methods to address the security of open source software used at the European Institutions and to make investing in security of OSS a permanent action of the EU.

The novelty of the new phase, called EU-FOSSA 2, is the bug bounties. The results of a recent proof of concept for the popular open source media player VLC were presented by Marek Przybyszewski at FOSDEM, the annual forum for open source software in Brussels. The bug bounty activity was open for submissions for 6 weeks. A total of 28 participants tried to find vulnerabilities in VLC; 5 of them succeeded and received an award.

"This is something the European institutions never did before, they never paid researchers or hackers to find bugs in software. We managed to prove that this approach really works", Marek pointed out, revealing that a new Call for Tenders is currently under preparation to launch more bug bounty activities. More than 20 critical OSS projects are planned to be audited with a budget of 1.6 M EUR in 2018-2019.

Hackathon in November 2018

The plan also includes a hackathon, bringing developers from a selected open source software community to Brussels for a couple of days. They will meet in person, possibly for the first time ever, to fix outstanding difficult problems in their project.

Follow the page of EU-FOSSA for updates
