The European Union is ponying up close to €1m under a bug bounty programme spanning a range of open source projects.
The cash drop represents the latest milestone for the Free and Open Source Software Audit Project (FOSSA), the brainchild of German Pirate Party MEP Julia Reda and her colleague, Max Andersson.
In a pre-NYE blog post announcing the bounties, and recapping progress on FOSSA, Reda said: “In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.
“The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software. The software projects chosen were previously identified as candidates in the inventories and a public survey,” she continued.
The biggest pile of cash – €90,000 – is tied to bugs in PuTTY, the SSH and Telnet client and terminal emulator.
Drupal attracts a pot of €89,000, while KeePass and Notepad++ attract €71,000 each. Amongst others, Apache Kafka has a €58,000 pot, while Apache Tomcat has €39,000.
Other projects on the list include FileZilla, VLC Media Player, Digital Signature Services and the GNU C Library.
The bug bounty programme will be administered by HackerOne and Intigriti/Deloitte.
The one thing the EU and open source software have in common is that whatever they do is going to be the wrong thing in many people’s eyes. Observers have suggested that the EU would be better off paying full-time developers on the key projects it relies on, to prevent bugs in the first place. Also, while bug hunters are incentivised to…well, find bugs, this doesn’t guarantee fixes, or that those fixes will be applied.