Open source software vulnerability bounty program

This program will focus on the 14 open source products used by the organization

According to cybersecurity and ethical hacking specialists from the International Institute of Cyber Security, the European Union will launch a vulnerability bounty program for the 14 open source products that the organization uses. Julia Reda, Member of the European Parliament, recently announced that the European Commission will offer rewards worth up to €581k through the Free and Open Source Software Audit (FOSSA) program.

The program will enter into force in January 2019 and is part of the third edition of the FOSSA Project of the European Union, approved by the member countries in 2015 after severe vulnerabilities were discovered in the OpenSSL library in 2014.

According to specialists in cybersecurity, the tools included in this rewards program include 7-Zip, Apache Tomcat, Apache Kafka, FileZilla, Drupal, some digital signature services (DSS), Symfony PHP and VLC Media Player, among others.

During the announcement, the European Parliament highlighted the importance of open source software: “The 2014 incident made us realize the importance of the use of open software for the reliability of many computer infrastructures. Like many other organizations, the European Union is based on the use of free software to manage multiple platforms”.

The first edition of the FOSSA program was held in 2016, had a budget close to €1M and sponsored the security audit of KeePass and the Apache HTTP web server. During the second edition, the program counted on a budget of €2M, which covered various vulnerabilities of the VLC Media Player application.

From January 2019 onwards, independent experts and cybersecurity firms will be able to start looking for bugs in these open source projects to earn the various rewards. Security vulnerabilities for Apache Kafka, Notepad++, PuTTY, FileZilla and VLC Media Player will be accepted from January 7, 2019, through the HackerOne vulnerability bounty coordination platform.

From March 1, 2019, vulnerabilities in midPoint, the government platform for identity management, can be reported. Security audits for the remaining nine products will be coordinated through a Brussels-based crowdsourced security platform.

On her personal blog, Julia Reda comments that the European Union also plans to conduct a series of ethical hacking and cybersecurity events. In addition, Reda says that in the future the FOSSA program will focus mainly on Drupal, and that developers will find the necessary motivation to build safe products.
