Just in time for the end of the year, the European Commission announced the start of a first bug bounty within the Free and Open Source Software Audit (FOSSA) project. You can now submit bugs you find in VLC Media Player on HackerOne, where bounties ranging from $100 for low-severity bugs and up to $2,000 for critical bugs are offered.

You can now submit bugs you find in VLC Media Player.

Tweet this!

With a total budget of €60,000, the VLC bug bounty is only a first “proof of concept” bug bounty in order to learn more about how to run future bounties within FOSSA-2.

I started the FOSSA project in 2014 in order to improve the overall security of the Internet, after severe vulnerabilities were discovered in key infrastructure components like OpenSSL. The Internet – and with it our everyday lives – relies on Free Software. That is why I believe that the European Commission and public administrations in general have a responsibility to invest in its stability, reliability and security.

In a public poll in 2016, you had the opportunity to vote for software projects that should receive an audit. The Apache web server and the password manager Keepass received the most votes and received an audit paid for from the FOSSA budget. VLC was the runner-up. With FOSSA-2, we want to reach out more directly to developers, security researchers, and hackers by the way of bug bounties. In 2018, we will ask you to suggest which software should be improved through a FOSSA bug bounty.

To the extent possible under law, the creator has waived all copyright and related or neighboring rights to this work.