The European Commission is about to make a public inventory of the open source solutions that it uses. A methodology for creating the inventory has just been accepted by the EC’s Directorate-General for Informatics (DIGIT), as part of its ‘EU Free and Open Source Software Auditing’ (EU-Fossa) project.
The list, which is planned to be updated periodically, is one of the milestones of the EU-Fossa project. The EU-Fossa project will allow the European Commission and open source communities to assess the security level of free and open software.
Last week, the methodology for the inventory was made publicly available. It can be downloaded from the EU-Fossa website, along with other documents, such as a leaflet introducing the inventory, and a detailed selection of the tools with which the inventory can be created.
The inventory methodology is based on input from IT staff at the European Commission and the European Parliament. It will use management processes and tools already in use at the Commission and Parliament.
Marek Przybyszewski, Information Systems Architect at DIGIT, who is involved in the EU-Fossa project, expects the completion of the first list of open source solutions and technical standards to take several weeks. “Once we have all the points of contact in the Commission and the Parliament, the next iterations will go much faster.” Each iteration will allow the EU-Fossa project to improve the inventory, if needed.
In August, the EU-Fossa project started analysing the source code of the Apache HTTP server and KeePass, a password manager. The source code will be analysed and tested for potential security problems, and the results will be shared with the software developers. The project is inviting users, especially of KeePass, to become involved.
The EU-Fossa project will share security problems and their possible fixes with the upstream developers of these software solutions.
EU-Fossa is a two-year, EUR 1 million project that was initiated by the European Parliament in 2014.