EC looking for organiser of open source bug-bounty

Only ten days left to submit an expression of interest

The European Commission is looking for companies with experience in organising bug bounties. The EC wants to run a small-scale bug bounty on one of the open source software projects or libraries that it uses. The exercise should provide the European institutions with open source software that has been screened for potential vulnerabilities.

Bug bounties offer software developers recognition and rewards for reporting bugs, especially those related to exploits and vulnerabilities.

The open source software that is to be reviewed will be selected by the European institutions. “The choice will take into account the limited duration of this project and the software in use at the European institutions”, the Commission writes in its negotiated procedure for a low-value contract to conduct the bug bounty, published on 29 June. It will also look at the results of a public survey, conducted as part of the ‘EU-Free and Open Source Software Auditing’ (EU-FOSSA) Pilot project.

The project’s value is capped at EUR 60,000. The deadline for submitting expressions of interest is 17 July at 16:00 hrs.

More information:

Negotiated procedure Bug Bounty
EU-FOSSA news item