EU Offering Cash Bounty Incentives For Finding Security Flaws in Open Source Tools

The European Union (EU) is back with a third edition of its Free and Open Source Software Audit (FOSSA) plan of action for 2019. As a security audit measure, FOSSA relies on its bug bounty programme, which covers numerous open source projects such as VLC, Apache, FileZilla, Kafka and more. The EU has reserved the highest allocation for PuTTY, followed by Drupal and KeePass.

A Snapshot

FOSSA aims at bringing together the developer community to ensure better security of open source systems, such as CMS or other standard software used by the EU.

Several open source software packages are widely used by the authorities, as well as by the public at large. Some of these are reportedly used as part of the EU's IT infrastructure, and the EU is therefore keen on ensuring better security for such projects.

The Genesis

The significance of the open source encryption library OpenSSL and its security was highlighted in 2014. The focus was on the libraries used by EU authorities for their IT infrastructure. The very first edition of FOSSA came out with a budget of 1 million euros. The next edition of FOSSA raised about 2 million euros.

A lot of people rely on free software without realizing how insecure and vulnerable some of it is. Some of these open source systems underpin the operation of several other software products, making it essential for them to remain well administered.

One example is OpenSSL, which plays a significant role in encryption services. It may be recalled that several nations, such as Australia and the US, have been bringing in legal reforms to their cyber laws. These include laws and regulations that require IT companies to provide a backdoor to the government concerned and its agencies. The measures aim to give security and law enforcement agencies greater regulatory and investigative powers.
