Similarities between open source projects and public administrations
Open source software development projects and public administrations have similar concerns about software support. The two also share an approach to classifying software requirements, concludes the EU-FOSSA project, a software security audit project on open source implemented by the European Commission and the European Parliament.
Over the past months, EU-FOSSA has been comparing development methods and security concerns in 14 open source communities with those of 14 software projects in the European Commission and European Parliament. The findings were presented in Brussels on 3 June.
Consultants from ICT companies Everis (Spain), KPMG (Italy) and Trasys (Belgium) are proposing a formal process that will let the European institutions contribute the results of their software security reviews back to the open source communities.
The first reports drafted by the EU-FOSSA project are available in the ‘project deliveries’ section of the EU-FOSSA website. The most important of these reports is ‘Design of the Method for Performing the Code Reviews for the European Institutions’.
This summer, the project will organise a security audit of one open source software component. The European Commission will organise a poll to get open source groups and others to help select the component.
The EUR 1 million EU-FOSSA project is managed by the European Commission's Directorate-General for Informatics (DIGIT). It was initiated by the European Parliament in December 2014.