Skip to main content
  1. Home
  2. Computing
  3. News

EU to offer bug bounties for finding security flaws in open-source software

Add as a preferred source on Google

Bug bounties are a way for companies to check the security of their software by offering cash to freelancers who hunt for security exploits and then report them so that they can be fixed. The idea is that everyone benefits from this process: the company gets its software checked by a larger variety of people than they could employ by themselves, the bug hunters get offered legitimate cash for finding a security flaw instead of selling that information on the black market, and the public gets software which has been more thoroughly checked for security issues. Big tech companies like Google and Intel have been running bug bounty programs for years.

Now the European Union is getting in on the action too. From January 2019, the EU will be launching a bug bounty program as part of their Free and Open Source Software Audit project (FOSSA), focused on security issues with open-source software. The FOSSA project was started back in 2014 when security vulnerabilities were found in the OpenSSL Open Source encryption library which is used for the encryption of internet traffic. As free and open-source software performs a number of vital functions for every internet user, the European Parliament and others decided to take on the challenge of auditing the free software that they use for security issues.

Recommended Videos

Since 2014 the FOSSA project has been gathering data, sponsoring hackathons, and deciding on which bug bounties to offer. The first phase of the project focused on auditing the security of the essential Apache and KeePass software, then the project was renewed and extended to cover other open-source software as well. Now 14 out of the 15 total bug bounties will be launched in January, selected from open-source software projects that are used by EU institutions.

You can find a list of the programs included in the project and the amount offered as a bounty for each one at the website of Julia Reda, an internet activist and Member of the European Parliament (MEP) from Germany. The software that is part of the project includes well-known programs like VLC Media Player and 7-zip, and the bounties offered for finding an exploit range from €25,000 (about $28,000) to €90,000 (just over $100,000).

Georgina Torbet
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
Amazon wants to design in-house chips for Kindles, Fire TV, and Echo speakers
Apple did it first. Amazon is doing it now, starting with 40 million chips a year and a partner most people have never heard of.
Amazon Kindle Scribe dark mode featured image.

Apple's decision to design its own chips reshaped the consumer electronics industry. Amazon may be about to make the same call, just about two decades later.

Supply chain analyst Ming-Chi Kuo reports that Amazon is preparing to shift away from externally sourced processors for its consumer electronics lineup, marking what he describes as the company's first major processor procurement change in 20 years. The transition is expected to begin in 2027.

Read more
AI wants to summarize it all. TripAdvisor’s misleading reviews show AI will also ruin your travel plans
Spotless, friendly, and totally wrong. AI summaries are hiding the reviews that actually matter.
Tripadvisor logo on MacBook

Planning a trip is stressful enough without wondering if the glowing hotel summary you just read was written by an AI that skipped the scary parts. As it turns out, that might be exactly what's happening on TripAdvisor.

According to an investigation by consumer group Which?, reported by the Guardian, TripAdvisor's AI-generated review summaries are smoothing over serious guest complaints, and in some cases, downright dangerous ones.

Read more
Opera’s new Paste Protect feature stops the clipboard attack your antivirus can’t catch
ClickFix attacks trick you into compromising your own device, and no major browser had a native defense against them until now.
Opera Paste Protect featured

Most online scams are easy enough to spot once you know what to look for. Fake login pages, suspicious attachments, or urgent wire transfer requests are dead giveaways. But ClickFix doesn't look like any of them. It presents itself as a solution, and it asks you to do something so routine that few people think twice about it.

The technique was behind more than 53 percent of malware loader incidents last year, according to cybersecurity firm Huntress, and no major browser had a native defense against it until now. Opera is fixing that with a new feature called Paste Protect.

Read more