The European Parliament today approved a EUR 1.9 million budget for the follow-up to the European Commission’s ‘EU Free and Open Source Software Auditing’ project (EU-FOSSA). The next version of the code audit project is to add bug bounties.
The new pilot project is the initiative of three Members of the European Parliament, Max Andersson, Julia Reda (both Greens/EFA) and Marietje Schaake (ALDE).
A press release by the three MEPs, quotes Schaake as saying “Bugs or flaws in software are used by criminals to infiltrate computers and entire ICT networks. The EU institutions must do what they can to have the most robust security. A bug bounty programme incentivises the discovery of software bugs through handing out financial rewards to every security researcher that is able to spot such a bug. This programme will allow for a much broader involvement of the security community in the common objective of ensuring a more secure IT infrastructure.”
The EUR 1.9 million for the follow-up to EU-Fossa is included in the European Parliament’s approval of the EU budget for 2017.
In late 2014, Andersson and Reda used the same route to get EUR 1 milion for the EU-FOSSA project. That project, which ends this month, checked the code for two open source software projects, the Apache HTTP server and KeePass, a password manager. Additionally, it resulted in a formal process to let the European institutions contribute the results of software security reviews back to the open source communities.
The three MEPs hope that the follow-up project will further improve ties with the free software community and IT security professionals. “We hope that this programme will contribute to the support for free software in public administrations, which still rely too heavily on proprietary solutions”, the press release quotes Andersson as saying.