EU To Pay For Finding Bugs In Open Source Software


The Open Source Programme Office of the European Commission has decided to offer bug bounties on popular open source software. Open source software runs everything from today's servers to Internet of Things devices to workstations, and it sits at the heart of European Union systems as well.

An earlier EU bounty, launched in the wake of the Heartbleed bug, targeted OpenSSL. As everyone knows, OpenSSL underpins much of today's encrypted internet communication, and faults in it jeopardise society's core fabric.

A fresh cycle of cybersecurity sponsorship has now begun, this time under the banner of the European Commission Open Source Programme Office (EC OSPO). The EU is paying for security vulnerabilities found in LibreOffice, LEOS, Mastodon, Odoo, and CryptPad, plus a 20% bonus if a code fix is supplied alongside the report.

The bonus matters because, once a vulnerability has been discovered and reported, a project's maintainers are sometimes slow to release a patch. It is intended to encourage bug hunters to propose a fix as well as uncover the flaw, which should shorten the time between report and patched release.

The applications were chosen on the basis of how widely they are used. All of them are open source solutions deployed by public services across the European Union:

  • LibreOffice is a full-featured, free office suite.
  • Mastodon is a free, open-source social network server built on the ActivityPub protocol that lets users find and follow one another across federated servers.
  • Odoo is a business management suite that includes eCommerce and CRM components.
  • CryptPad is an open-source collaboration platform that lets people work together online on documents, spreadsheets, and other files, with the content end-to-end encrypted.
  • LEOS is a tool that supports people drafting legislation, a typically time-consuming process that depends on effective online collaboration.

Bug hunters are invited to look for security flaws such as personal data leaks, horizontal and vertical privilege escalation, and SQL injection. The top reward will be EUR 5,000 for exceptional vulnerabilities, plus the 20% bonus if a fix is also provided, as noted above. The bug bounty will run on the Intigriti platform, which works with European organisations of all sizes and sectors to protect their digital assets and sensitive data and to operate a responsible disclosure process.
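To make concrete what a report-plus-remedy of the kind the bonus rewards looks like, here is an added example written for this article. It is not code from LibreOffice, LEOS, Mastodon, Odoo, CryptPad, or Intigriti; the `documents` table, the user names, and the helper functions are constructed for illustration. It shows two of the flaw classes the programme lists, SQL injection and horizontal privilege escalation (one user reading another user's record by guessing its id), each beside the fixed version a hunter would submit with the report.

```python
import sqlite3

# Constructed sample data; the schema and rows are invented for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [
            (1, "alice", "alice-budget"),
            (2, "bob", "bob-private-notes"),
            (3, "alice", "alice-draft"),
        ],
    )
    return conn


# --- SQL injection: vulnerable vs. fixed ---------------------------------

def search_titles_vulnerable(conn, owner, term):
    # The search term is pasted straight into the SQL text, so an attacker
    # controls part of the WHERE clause.
    sql = (
        f"SELECT title FROM documents "
        f"WHERE owner = '{owner}' AND title LIKE '%{term}%'"
    )
    return [row[0] for row in conn.execute(sql)]


def search_titles_fixed(conn, owner, term):
    # Parameterised query: the term is bound as data and can never be
    # interpreted as SQL, whatever characters it contains.
    sql = "SELECT title FROM documents WHERE owner = ? AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, (owner, f"%{term}%"))]


# Constructed injection payload: closes the LIKE literal, adds an always-true
# condition and comments out the rest of the statement.
PAYLOAD = "' OR 1=1 --"


# --- Horizontal privilege escalation: vulnerable vs. fixed ---------------

def get_document_vulnerable(conn, requester, doc_id):
    # The row is fetched by id alone; `requester` is never checked, so any
    # logged-in user can read any other user's document.
    row = conn.execute(
        "SELECT owner, title FROM documents WHERE id = ?", (doc_id,)
    ).fetchone()
    return row[1] if row else None


def get_document_fixed(conn, requester, doc_id):
    # Ownership is enforced in the query itself: a foreign id returns nothing
    # rather than another user's data.
    row = conn.execute(
        "SELECT title FROM documents WHERE id = ? AND owner = ?",
        (doc_id, requester),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable search:", search_titles_vulnerable(db, "alice", PAYLOAD))
    print("fixed search:     ", search_titles_fixed(db, "alice", PAYLOAD))
    print("vulnerable read:  ", get_document_vulnerable(db, "alice", 2))
    print("fixed read:       ", get_document_fixed(db, "alice", 2))
```

Run as a script, the vulnerable search returns every row in the table for user `alice`, including Bob's private document, while the fixed search returns nothing for the same payload; likewise the vulnerable lookup hands Alice document 2, which belongs to Bob, and the fixed lookup refuses it. A report submitted with the second function of each pair is the kind of finding-plus-fix the 20% bonus is meant to reward.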
