The EU launches a bug bounty program, part of the FOSSA project, to hunt for exploits in open-source software used by European institutions. The aim is to better protect the bloc's cyber security.
The EU is launching a bug bounty program as part of its Free and Open Source Software Audit project (FOSSA), focused on cyber security issues with open-source software. The initiative will start in January 2019 and will involve 14 out of the 15 total European bug bounties, selected from open-source software projects that are used by EU institutions. The software that is part of the project includes programs like VLC Media Player and 7-zip. The rewards for finding an exploit range from €25,000 to €90,000. Bug bounties are an easy and economical way for companies to check their cyber security by offering cash to freelancers, usually white-hat or grey-hat hackers, who hunt for exploits and then report them so that they can be fixed. In effect, the companies employ for free an enormous team of people who will be paid only if they produce results.
What is the EU cyber security FOSSA project
The EU FOSSA project, according to Digital Trends, was started back in 2014, when cyber security vulnerabilities were found in the open-source OpenSSL encryption library, which is used to encrypt internet traffic. As free and open-source software performs a number of vital functions for every internet user, the European Parliament and others decided to take on the challenge of auditing the free software that they use for security issues. Since 2014 the FOSSA project has been gathering data, sponsoring hackathons, and deciding which bug bounties to offer. The first phase of the project focused on auditing the security of the essential Apache and KeePass software; the project was then renewed and extended to cover other open-source software as well. Now it's time for the bug bounty program.