Bug bounty programs are very important for the security of software and hardware, major tech firms launched their own programs to discover flaws before hackers.
The European Commission recognized the importance of bug bounty programs and decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.
The Free and Open Source Software Audit (FOSSA) covers 15 products used by the Commission, it is offering €851,000 in bounties for vulnerabilities discovered by participants.
14 bug bounty programs start in in January 2019 they will cover various products including Filezilla, Apache Kafka, Notepad++, PuTTY, and VLC Media Player. The bug bounty programs are arranged via the HackerOne platform.
Bug bounties for other nine products (FLUX TL, KeePass, 7-zip, Digital Signature Services (DSS), Drupal, GNU C Library (
The first phase of the FOSSA project started in 2014, the “pilot project” phase ran over two years from 2015-2016. The project was launched between 2015-2016 at the initiative of Julia Reda, Member of European Parliament (MEP) from the Pirate Party, and Max Andersson, MEP from the Green Party.
The project was renewed in 2017 for three more years including bug bounty programs to improve the security of software used.
“In 2017, the project was extended for three more years. This time, we decided to go one step further and added the carrying out of Bug Bounties on important Free Software projects to the list of measures we wanted to put in place to increase the security of Free and Open Source Software.” reads the post published by Reda.
“We also planned a series of Hackathons that will allow software developers from within the EU institutions, and developers from Free Software projects, to work more closely together and to collaborate directly on their software.” That would indeed be better, but the @EU_Commission can’t just dish out money to developers who haven’t gone through an onerous public tender process that favours large consultancies that specialize in bidding for tenders rather than Drupal development.141:33 PM – Dec 28, 2018Twitter Ads info and privacySee Julia Reda’s other TweetsTwitter Ads info and privacy
Below is the complete list of software products covered by the bug bounty programs starting 2019:
|Software Project||Bug Bounty Amount (Euro)||Start Date||End Date||Bug Bounty Platform|
|Apache Kafka||58.000,00 €||07/01/2019||15/08/2019||HackerOne|
|VLC Media Player||58.000,00 €||07/01/2019||15/08/2019||HackerOne|
|FLUX TL||34.000,00 €||15/01/2019||15/10/2019||Intigriti/Deloitte|
|Digital Signature Services (DSS)||25.000,00 €||30/01/2019||15/10/2019||Intigriti/Deloitte|
|GNU C Library (glibc)||45.000,00 €||30/01/2019||15/12/2019||Intigriti/Deloitte|
|PHP Symfony||39.000,00 €||30/01/2019||15/10/2019||Intigriti/Deloitte|
|Apache Tomcat||39.000,00 €||30/01/2019||15/10/2019||Intigriti/Deloitte|
(SecurityAffairs – bug bounty programs, cyber security)