Brussels / 3 & 4 February 2018



OSS bug bounties sponsored by the EU

The EU-FOSSA project, developed by the European institutions, aims to improve the security of Open Source Software. The next iteration of the project, EU-FOSSA 2, continues in 2017-2019 with a higher budget of 2.6 M€ and a new element: bug bounties. This talk presents the planning and current status of the project.

The EU-FOSSA project aims to improve the security of Open Source Software. The first iteration of the project ran during 2015-2016. This project:

  • developed a methodology to perform code reviews at the EU institutions,
  • performed an inventory of Open Source Software used in the European Commission,
  • reviewed code of Apache HTTP Server Core and KeePass, with the help of an external company.

In the new iteration of the project, running during 2017-2019 with a total budget of 2.6 M€, we explore the possibility of using public money to fund bug bounties. In this way the European institutions intend to improve the security of major Open Source Software and reduce the risk of a new major incident like Heartbleed. We also intend to convince everyone that this should become a permanent activity of the European Union.

We are also planning other activities, such as more active communication and direct collaboration with open source communities. The peak of activity is expected during Q3/2018 - Q2/2019. The timing of FOSDEM 2018 is a perfect opportunity to inform everyone interested in the project about its status and the activities planned.


Marek Przybyszewski