UPDATED 21:27 EDT / DECEMBER 30 2018

SECURITY

European Union to fund bug bounties for leading open-source software projects

The European Union is an unexpected entrant into the world of bug bounties, funding 14 of them for open-source software projects on which the organization relies.

Bug bounties are payments provided to security researchers and others who detect and report vulnerabilities in software. The EU’s funding will begin at the start of January.

Announced late last week by Julia Reda, an elected representative of the EU Parliament, the program will fund bug bounties for a variety of software: 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services, Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player and WSO2.

The funding will be provided through the Free and Open Source Software Audit project that was approved by the EU in 2015. That project was founded after flaws were found in OpenSSL, the open-source library used for the encryption of internet traffic.

“Since OpenSSL is also very important for the encryption of internet traffic, it is also highly relevant to the protection of your personal communication, or your payment details when you’re shopping online,” Reda said. “The issue made lots of people realize how important Free and Open Source Software is for the integrity and reliability of the internet and other infrastructure.”

The funding available for bounty payouts varies between 25,000 euros ($28,600) and 91,000 euros ($104,100), depending on the project. The allocation of payments depends on the severity of the issue uncovered and the relative importance of the software.

The EU isn’t the only governmental body offering a bug bounty program. Singapore announced in September that by the end of the year, it would invite “white-hat” hackers to test the cyberdefenses of selected internet-facing systems to identify vulnerabilities.

The U.S. government, through various departments, also funds bug bounty projects. One example is the General Services Administration, which awarded a $2 million contract to HackerOne Sept. 21 following a successful pilot project.
