Life cycle support also a pri…

Life cycle support also a priority for open source

16/06/2016
Similarities between open source projects and public administrations

Open source software development projects and public administrations have similar concerns about software support. The two also share an approach to classifying software requirements, concludes the EU-FOSSA project, a software security audit project on open source implemented by the European Commission and the European Parliament.

Over the past months, EU-FOSSA has been comparing development methods and security concerns in 14 open source communities with those of 14 software projects in the European Commission and European Parliament. The findings were presented in Brussels on 3 June.

 

A slide showing the overlap between open source communities and EC software development

 

Consultants from ICT companies Everis (Spain), KPMG (Italy) and Trasys (Belgium) are proposing a formal process that will let the European institutions contribute the results of their software security reviews back to the open source communities.

Feedback-loop

The first reports drafted by the EU-FOSSA project are available in the ’project deliveries’ section of the EU-Fossa website. The most important of these reports is Design of the Method for Performing the Code Reviews for the European Institutions’.

This summer, the project will organise a security audit of one open source software component. The European Commission will organise a poll, to get open source groups and others to help select the component.

Long-term goals

The EUR 1 million EU-FOSSA project is managed by the European Commission's Directorate-General for Informatics (DIGIT). It was initiated by the European Parliament in December 2014.

DIGIT has made contributing to open source software development projects one of the priorities of its open source strategy.

The content of this field is kept private and will not be shown publicly.