EU to Run Bug Bounty Programs for 14 Free Software Projects

The European Union is offering a total of more than €850,000 – nearly $1 million – for vulnerabilities found in 14 widely used free and open source software projects. The announcement was made last week by Julia Reda, who represents the German Pirate Party in the European Parliament. Reda and Max Andersson, a member of Sweden’s Green Party in the European Parliament, are the creators of the Free and Open Source Software Audit (FOSSA) project. FOSSA, run by the European Commission, was launched in 2014 in response to the OpenSSL vulnerability known as Heartbleed. Its goal is to help improve the overall security of the Internet through bug bounty programs, audits, hackathons and other initiatives. Starting this month, as part of FOSSA, the European Commission will launch 14 bug bounty programs for free software projects, including Filezilla, Apache Kafka, Apache Tomcat, Notepad++, PuTTY, VLC, FLUX TL, KeePass, 7-Zip, Digital Signature Services (DSS), Drupal, glibc, PHP Symfony, WSO2, and midPoint.