Open Source Bug Bounty

ISA2 Launches New Open Source Bug Bounties

Published on: 25/01/2021

Awards of up to EUR 5000 are available for finding security vulnerabilities in Element, Moodle and Zimbra, open source solutions used by public services across the European Union. There is a 20% bonus for providing a code fix for the bugs they discover.

A new set of bug bounties were launched on 11 January 2021 using the Intigriti bug bounty platform. The bounties funded by the Commission’s ISA² programme focus on open source software widely used by European Public Services.

Element (Matrix) is an instant messaging platform used, for example, by public services in France and Germany; Moodle is an eLearning platform widely used by public administrations and universities worldwide; and Zimbra is a popular email server solution that includes group calendars and document collaboration.

About the open source Initiative under the ISA2 Sharing and Reuse Action

The Sharing and Reuse Action (2016.31) promotes interoperability, standardisation, and cooperation among public administrations. Eventually leading to faster and more efficient administrative procedures while public expenditure, time and effort for public administrations and public services. In addition to Bug Bounties programmes, there are other activities under the Sharing and Reuse action that support use of open source software by public administrations:

  • New version of Guidelines for Sustainable Open Source Communities in the Public Sector
  • OSS country intelligence reports
  • Series of webinars on different OSS-related topics 
  • An open source software inventory to identify Europe’s most critical open source software used across European Public Services;
  • A feasibility study on funding mechanisms to sustain and protect Europe’s existing and new open source software; and
  • Hackathons which bring together open source practitioners to solve software and interoperability issues for European public administrations.

Shared on