The European Commission is launching 14 bug bounty programmes this month with the aim of boosting the resilience of open source software used by EU institutions.
HackerOne and Intigriti have been tasked with managing the bounties, which provide ethical hackers with the opportunity to win up to £80,000 for uncovering severe vulnerabilities.
The initiative, dubbed the Free and Open Source Software Audit (FOSSA), covers a range of projects including FileZilla, Apache Kafka and Drupal. It was co-founded by Pirate Party MEP Julia Reda after vulnerabilities were discovered in an open source encryption library called OpenSSL in 2014.
“The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure,” said Reda in a blogpost. “Like many other organisations, institutions like the European Parliament, the Council and the Commission build upon Free Software to run their websites and many other things.”
“But the Internet is not only crucial to our economy and our administration. It is the infrastructure that runs our everyday lives. It is the means we use to retrieve information and to be politically active,” Reda added. “That is why my colleague Max Andersson and I started the Free and Open Source Software Audit project.”
Bug bounty programmes have risen in popularity in recent years as more companies see the value in ethical hacking. HackerOne is one of the biggest bug bounty platforms and counts Spotify, Starbucks and GM among its clients. In October, the company revealed it had helped uncover 150 vulnerabilities in the US Marine Corps website.
A full list of the bug bounty programmes can be found on Reda’s website here.