The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software.
The European Union (EU) is looking for bug hunters to discover security flaws in some of the well-known free and open source software.
The EU will fund a total of 15 ‘bug bounties’, of which 14 will be launched in January and the remaining one in March next year.
The list of open source projects includes 7-zip, Apache Tomcat, Drupal, Filezilla, VLC, KeePass, Notepad++ and other popular tools on which EU institutions relies. The bug hunters will be offered with rewards ranging from €25,000 to €90,000 ($28,600 to $103,000), for a total offered amount of €851,000 ($973,000).
The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software.
A part of FOSSA project
The funding will be provided through their Free and Open Source Software Audit project (FOSSA), which aims to ensure the integrity and reliability of the internet and other infrastructure.
The FOSSA project was started back in 2014 after security vulnerabilities were discovered in the OpenSSL encryption library. Since then the project has been gathering data, sponsoring hackathons, and deciding on which bug bounties to offer.
The first phase of the project focused on auditing the security of the essential Apache and KeePass software, then the project was renewed and extended to cover other open-source software as well.
The bug bounty program was announced on Thursday by Julia Reda, member of the European Pirate Party and co-founder of the Free and Open Source Software Audit (FOSSA) project, with a blog post on her website.