EUs FOSSA Project Launches New Bug Bounty Program

  /     /     /  
Publicated : 23/11/2024   Category : security


EUs FOSSA Project Launches New Bug Bounty Program


The European Unions FOSSA project is launching its first-ever bug bounty program that will focus on 15 different software platforms starting later in January.



The Free and Open Source Software Audit (FOSSA) is a project of the European Union that got its start in 2014 thanks to two people: Julia Reda, a Member of European Parliament (MEP) from the Pirate Party, and Max Andersson, MEP from the Green Party.
The project was a specific response to the Heartbleed vulnerability in OpenSSL.
It originally had as its focus the performance of security audits focused on the FOSS software commonly in use in the EU.
The first year of FOSSA
, from 2015 to 2016, found the idea that audits alone arent sufficient to increase security,
according to Redas blog
.
However, audits were performed during the first year of FOSSA on the Apache web server and the KeePass password manager.
Now,
Reda announced on her blog
that FOSSA will be putting some money where its goals are. Starting January 7, there will be €851,000 ($966,000) available for bug bounties for finding vulnerabilities in 15 different software programs. The rewards will be variable, and specifically keyed to the severity of the security issues that are reported and the importance of the software they affect.
(Source:
iStock
)
The programs that will be looked at under the project include Filezilla, Apache Kafka, Apache Tomcat, Notepad++, PuTTY, VLC, FLUX TL, KeePass, 7-Zip, Digital Signature Services (DSS), Drupal, glibc, PHP Symfony, WSO2 and midPoint.
HackerOne and Deloittes Intigriti crowdsourced security platforms are being used to handle the details of the project and submissions. Reda also noted:

The software projects chosen were previously identified as candidates in the inventories [that the EU did in the first year of FOSSA to determine what specific software it relied on -- Ed.] and a public survey.

The bounties paid will be between €25,000 ($28,000) and €90,000 ($103,000). PuTTY and Drupal have the highest bounty amounts associated with them.
Some of the bounties for various programs will run until being ended this summer, but the Drupal effort wont close until October 15, 2020.
FOSSA tried a proof-of-concept bug bounty effort in 2017 using VLC Media Player as the test subject, with €60,000 ($68,000) in funding. This gave the EU some practical experience in running this kind of program.
In her blog, Reda notes that shes looking forward to other parts of FOSSA besides bounties. She notes that they have planned a series of hackathons that will allow software developers from within the EU institutions, and developers from Free Software projects, to work more closely together as well as to collaborate directly on the software that is in wide use.
Note:
the Reda blog has a table
that specifies the exact bounties and closing dates
.
Related posts:
Researcher Finds Way to Bypass SOP Within Microsoft Edge Browser
Sophisticated Malvertising Campaign Involves 10,000 WordPress Sites
Tor Browser Flaw Could Allow Governments to Bypass Security Settings
Cloudflare Looks to Take the Pain Out of DNSSEC Protocol Adoption
— Larry Loeb has written for many of the last centurys major dead tree computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
EUs FOSSA Project Launches New Bug Bounty Program