The EU is offering bounties to people who find security flaws in open source software

December 31, 2018

The European Union wants to beef up its digital security, and what better way than to go to the experts – the people?

The European Commission is launching bug bounties in January that will offer prizes in return for spotting security flaws in 14 free, open source software tools EU institutions use. These include well-known tools like VLC Media Player, KeePass, 7-zip and Drupal as well as something as vital as the GNU C Library.

The bounties range from €25,000 to €90,000 (about $28,600 to $102,900) and will start expiring August 15, 2019, although a few will last until 2020, reported Engadget.

The EU started checking open source software in 2015 when it launched the Free and Open Source Software Audit (FOSSA) in the wake of flaws found in OpenSSL encryption. It extended the project three more years in 2017, when it first outlined plans to offer bug bounties.

Now, it’s starting those bug bounties in earnest — it had previously focused on audits and hackathons. There’s no guarantee this will spare the EU from cyberattacks, but any bounties could help the community as a whole by patching vulnerabilities that might otherwise go undiscovered.



