Bug bountiesare a way for companies to check the security of their software by offering cash to freelancers who hunt for security exploits and then report them so that they can be fixed. The idea is that everyone benefits from this process: the company gets its software checked by a larger variety of people than they could employ by themselves, the bug hunters get offered legitimate cash for finding a security flaw instead of selling that information on the black market, and the public gets software which has been more thoroughly checked for security issues. Big tech companies likeGoogleandIntelhave been running bug bounty programs for years.
Now the European Union is getting in on the action too. From January 2019, the EU will be launching a bug bounty program as part of theirFree and Open Source Software Audit project(FOSSA), focused on security issues with open-source software. The FOSSA project was started back in 2014 when security vulnerabilities were found in the OpenSSL Open Source encryption library which is used for the encryption of internet traffic. As free and open-source software performs a number of vital functions for every internet user, the European Parliament and others decided to take on the challenge of auditing the free software that they use for security issues.
you may find a list of the programs included in the project and the amount offered as a bounty for each one at thewebsite of Julia Reda, an internet activist and Member of the European Parliament (MEP) from Germany. The software that is part of the project includes well-known programs like VLC Media Player and 7-zip, and the bounties offered for finding an exploit range from €25,000 (about $28,000) to €90,000 (just over $100,000).
