The EU is Giving Out Bug Bounties for Open Source Projects

in #open-source, 6 years ago


I've recently discovered through the blog of Julia Reda (Pirate Party European Parliament member) that the EU is funding bug bounties for open-source projects, starting mid-January 2019.

Back in 2014, vulnerabilities were found in OpenSSL and this prompted Julia Reda & Max Andersson to start an Open-Source software audit project called FOSSA. Through the first iteration of this project, two Open-Source projects received security audits that were funded by the EU: the Apache webserver and the KeePass password manager.

Back in 2017, it was decided to add bug bounties to the scope of the FOSSA project, and below you can see a list of projects for which bug bounties are available. In total, there's €851.000 in bug bounties to be earned, and the amount of each individual bounty depends on the severity of the issue, together with the importance of the project.


| Software Project | Bug Bounty Amount (Euro) | Start Date | End Date | Bug Bounty Platform |
|---|---|---|---|---|
| Filezilla | €58.000 | 07/01/2019 | 15/08/2019 | HackerOne |
| Apache Kafka | €58.000 | 07/01/2019 | 15/08/2019 | HackerOne |
| Notepad++ | €71.000 | 07/01/2019 | 15/08/2019 | HackerOne |
| PuTTY | €90.000 | 07/01/2019 | 15/12/2019 | HackerOne |
| VLC Media Player | €58.000 | 07/01/2019 | 15/08/2019 | HackerOne |
| FLUX TL | €34.000 | 15/01/2019 | 15/10/2019 | Intigriti/Deloitte |
| KeePass | €71.000 | 15/01/2019 | 31/07/2019 | Intigriti/Deloitte |
| 7-zip | €58.000 | 30/01/2019 | 15/04/2020 | Intigriti/Deloitte |
| Digital Signature Services (DSS) | €25.000 | 30/01/2019 | 15/10/2019 | Intigriti/Deloitte |
| Drupal | €89.000 | 30/01/2019 | 15/10/2020 | Intigriti/Deloitte |
| GNU C Library (glibc) | €45.000 | 30/01/2019 | 15/12/2019 | Intigriti/Deloitte |
| PHP Symfony | €39.000 | 30/01/2019 | 15/10/2019 | Intigriti/Deloitte |
| Apache Tomcat | €39.000 | 30/01/2019 | 15/10/2019 | Intigriti/Deloitte |
| WSO2 | €58.000 | 30/01/2019 | 15/04/2020 | Intigriti/Deloitte |
| midPoint | €58.000 | 01/03/2019 | 15/08/2019 | HackerOne |
| TOTAL | €851.000 | | | |

So, if you're currently already contributing to the Bug Hunting category on @utopian-io, you might also want to look into getting some of these bounties. You still have an ample amount of time to prepare and you might discover some serious security flaws in your favourite Open-Source projects!

Featured image was made by Brent-Ritztro and released under CC-BY-SA 3.0

Data used in this article was originally gathered by Julia Reda and adapted by me (added totals). With permission.

Original Source: https://juliareda.eu/2018/12/eu-fossa-bug-bounties/


This is not a submission for @utopian-io, though I have used the tag since the information presented here could be of use for Utopian contributors.


That's a cool initiative that provides funds to motivate people to work and find solutions to these issues

Wishing you and yours a Happy New Years and all the best for 2019

Happy NY for you too @tattoodjay!

Thanks Kindly :)

Wow, this is really cool and also a bit scary as I look at the list, I use a lot of those programs on a daily basis. Glad that there is this initiative to get them secure!

