In January 2019, the European Union will launch a special reward programme for finding software bugs in open source software. By doing so, the EU aims to improve the use of open source software within its own institutions and, above all, to make it safer.

Bug bounties, the rewards that developers can receive for actively finding errors and vulnerabilities in software, are of great importance to the EU because its various institutions use a lot of open source software.

The programme covers errors and vulnerabilities in 14 different open source software projects that are often used within the EU: 7-Zip, Apache Kafka, Apache Tomcat, Digital Signature Services, Drupal, FileZilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player and WSO2.

Reward according to the size of the problem

The size of the reward for finding errors and vulnerabilities in the above software depends on two criteria: first, the seriousness of the problem found and, second, how important the software in question is to the EU. In total, substantial amounts of between 25,000 and 91,000 euros are available for the bug bounties, depending on the project.

FOSSA organiser of the research project

The organiser of the Bug Bounty project is the EU’s existing Free and Open Source Software Audit (FOSSA) project. This project was started in 2015 after errors were detected in the OpenSSL open source library used to encrypt Internet traffic.

The EU is not the only government organisation that actively provides bug bounties. Similar projects are also active in the United States and Singapore.

This news article was automatically translated from Dutch to give a head start.