And announces bug bounty

Dutch government to evaluate software development process following success of Corona app

Published on: 16/10/2020

The success of the open source software development process for the Dutch Covid-19 track and trace app is prompting the government to consider the same procedure for other projects, State Secretary for the Interior Raymond Knops has told the parliament.

Mr Knops will involve the government’s ICT testing office (Bureau ICT-toetsing, or BIT), he wrote on 12 October.

BIT, in its 2019 annual review of government IT projects, concluded that the Dutch government lacks expertise in software development. This leads to projects being incorrectly set up, and important steps being missed or not properly carried out. The bureau warned the government that software is not reusable by default. Reusability requires skilled software developers, and there is the additional problem that generic reusable components are rare in governmental IT.

Bug bounty

A screenshot from the Dutch Covid-19 track and trace app: drawing of a hand holding a smart phone, and some text in boxes.
And the code is within grasp too.

According to press reports, the EUR 5 million software development project for the Dutch Covid-19 track and trace app (CoronaMelder) was scrutinised by IT experts and advocates of openness.

The process included a code security scan, which found a handful of small issues. This week, the health ministry announced it is considering bug bounties to help improve the security of the code.


The source code for the Dutch app is available online. The software is published using the European Union public licence (EUPL).

More information:

Report from the Interior Ministry to the Parliament (in Dutch)
Source code of the Dutch Covid-19 app
Tweakers news item (in Dutch)
Tweakers news item (in Dutch)
Computable news item (in Dutch)

Login or create an account to comment.