
European Commission launches new open source software bug bounty program

The European Commission (EC) has launched a bug bounty program for open source projects that underpin its public services.

Bug bounty hunters will be offered up to €5,000 ($5,600) for finding security vulnerabilities in open source software used across the European Union (EU), including LibreOffice, LEOS, Mastodon, Odoo, and CryptPad.

The program, led by European bug bounty platform Intigriti, will also offer a 20% bonus if a code fix for the bugs is provided by researchers.

In a statement released on January 19, the EC said it is looking for reports of security vulnerabilities such as leaks of personal data, horizontal/vertical privilege escalation, and SQL injection. The highest reward will be paid out for “exceptional vulnerabilities”.

This latest program comes in the wake of the EU FOSSA program, which paid out more than $220,000 in its 18 months in operation and was heralded as a “remarkable success”.

Speaking to The Daily Swig, Inti De Ceukelaire, head of hackers at Intigriti, said the partnership came about last year, when Intigriti led a program funded by the EC’s ISA2 program.

“We are committed to further nurture the relationship with the open source communities that we have established over the past years,” he said.

“I personally believe every governmental body should have and encourage the use of vulnerability disclosure policies, and introduce or adapt unambiguous laws to support vulnerability research. Bug bounties, amongst other crowd-sourced initiatives, are a great way to incentivize this.”

De Ceukelaire added: “Almost any organization uses open source projects in one way or another. Identifying and resolving security vulnerabilities in these projects has an impact at scale.

“The Log4j incident has shown us that supporting the security of widely used open source projects is an absolute must, so we can only applaud this initiative by the European Commission.”

Odoo is currently an invite-only program; however, the other programs can be found on Intigriti’s website.

Source: https://portswigger.net/daily-swig/european-commission-launches-new-open-source-software-bug-bounty-program
