Starting in January, the European Commission is going to fund bug bounty programs for a number of open source projects that are used by members of the EU. The initiative is part of the third edition of the Free and Open Source Software Audit (FOSSA) project, which aims to ensure the integrity and reliability of the internet and other infrastructure.

In all, the Commission will fund 15 bug bounty programs, with rewards ranging from €17,000 ($19,400) to €90,000 ($103,000).

See also:

The full list of programs that will be funded by the EC from January includes a number of popular tools: 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, Notepad++, PuTTY, PHP Symfony, VLC Media Player and WSO2. In March, midpoint will be added to the list.

Some of the bug bounties run just up until summer 2019, while others run well into 2020.

FOSSA was set up back in 2014 when a security vulnerability was discovered in the open source encryption library OpenSSL, affecting a number of tools that rely on it. Writing about the latest edition of the project, EU Member of Parliament Julia Reda says:

Since OpenSSL is also very important for the encryption of Internet traffic, it is also highly relevant to the protection of your personal communication, or your payment details when you’re shopping online. The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure. Like many other organisations, institutions like the European Parliament, the Council and the Commission build upon Free Software to run their websites and many other things. But the Internet is not only crucial to our economy and our administration. It is the infrastructure that runs our every day lives. It is the means we use to retrieve information and to be politically active. That is why my colleague Max Andersson and I started the Free and Open Source Software Audit project: FOSSA.

All of the tools included in the third edition of the projects are used by EU institutions. Reda explains that "the amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software".

Image credit: paparazzza / Shutterstock