
European Commission launches new open source software bug bounty program

Jessica Haworth, January 21, 2022 16:00 UTC

Updated: January 21, 2022 16:20 UTC

Hackers invited to test services used by EU institutions

The European Commission (EC) has launched a bug bounty program for open source projects that support its public service.

Bug bounty hunters will receive up to €5,000 ($5,600) for finding security vulnerabilities in open source software used throughout the European Union (EU), including LibreOffice, LEOS, Mastodon, Odoo and CryptPad.

The program, led by European bug bounty platform Intigriti, will also offer a 20% bounty if code fixes are made to bugs contributed by researchers.

In a statement released on January 19, the EC said it was looking for reports of security vulnerabilities such as personal data breaches, horizontal/vertical privilege escalation, and SQL injection. “Anomalous Vulnerabilities” will receive the highest reward.

This latest scheme follows the EU’s FOSSA scheme, which paid out more than $220,000 over its 18 months of operation and was hailed as an “extraordinary success”.

Speaking to The Daily Swig, Inti De Ceukelaire, head of hacking at Intigriti, said the partnership began last year, when Intigriti led a program funded by the EC’s ISA2 program.

“We are committed to further fostering the relationship with the open source community that has been established over the past few years,” he said.

“I personally think every government agency should develop and encourage the use of vulnerability disclosure policies and introduce or adopt clear laws to support vulnerability research. Bug bounties, and other crowdsourcing initiatives, are a great way to incentivize this.”

De Ceukelaire added: “Almost all organizations use open source projects in one way or another. Identifying and addressing security vulnerabilities in these projects can have large-scale impact.

“The Log4j incident has shown us that supporting the security of widely used open source projects is absolutely essential, so we can only applaud the European Commission for this move.”

Odoo is currently an invite-only program, but other programs can be found on Intigriti’s website.
