Brussels / 30 & 31 January 2016



Free and Open Source Software Auditing

EU-FOSSA: Pilot Project for auditing of Open Source Software at the European Institutions

Recent discoveries of vulnerabilities in critical information infrastructure have drawn the broader public's attention to the need to understand how governance and quality of the underlying software code relates to basic safety and public trust in applications that are used on a day-to-day basis.

During this presentation we would like to bring your attention to an ongoing pilot project looking for a systematic approach towards ensuring that widely used critical software can be trusted. This project has been conceived at the European Parliament and entrusted for execution to the European Commission, with a total budget of 1 million euro. If it proves to be successful, it might become a permanent action of the European Institutions during the years to come.

It has been conceived in three parts:

– A comparative study of the European Institutions' and open source communities' software development practices, and a feasibility study of performing a code review of open source projects for the European Institutions.

– Definition of a unified methodology to obtain a complete inventory of the open source software and technical specifications used within the European Parliament and the European Commission, and the actual collection of that data.

– An exemplary code review of selected open source software and/or a library, particularly targeting software considered critical, that is, software whose exploitation could lead to a severe disruption of public or EU services and/or unauthorised access.

This presentation will focus on areas where collaboration with the open source communities is crucial and where we might be looking for exchange of ideas or direct involvement in the project's execution.


Marek Przybyszewski