EU Attributes $1 Million to Fund FOSSA Bug Bounty Programme

The European Union (EU) recently declared its bug bounty programme for around 15 common open-source software tools, however the attribution of budget for this program was unclear,  initial reports now show that it is now somewhere around $1 million.

In the current phase, FOSSA covers 15 open-source projects, which includes utility software, and Content Management Systems. According to reports, 14 programs would commence in January, 2019, while the 15th may take a couple of months, before it is rolled out.

EU All set to help Developers

The EU has identified the enormous efforts that go into developing and managing open source software, and the security concerns that crop up with it. Therefore, to make the entire process easier for the developers, it has decided to run a bug bounty through its Free and Open Source Software Audit (FOSSA) project.

The Big Reward

The EU has set an enormous budget of € 851,000 or US$ 973,000 for this bug bounty program. What is sure to grab any researcher’s interest is that rewards begin at € 25,000 and go up to as much as € 90,000. According to reports, the most important criterion for assessing a reported bug is the impact that it can cause. The bigger the security threat associated with it, the better the reward.

Towards the end of December 2018, Julia Reda, Co-Founder of FOSSA has announced 15 open-source programs that would be rolled out this year. This includes softwares that EU relies on, such as utility softwares, open-source libraries and content management systems. To name a few, the list includes KeePass, VLC Media Player, Filezilla, 7 zip, Notepad ++, Drupal and Tomcat.

Many millions of consumers rely on open-source software and libraries, therefore, should a zero day be discovered the impact could be huge with the potential to affect the financial data of many. With this bug bounty programme the EU has taken a step forward to ensure better data privacy to its members.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients