Bug bounties: finding and fixing security holes with European Commission funds
Free and open source software (FOSS) is about much more than driving costs down, in some cases even down to zero – it’s about giving control back to users, developers and even nations. With FOSS, everyone gains the freedom to study, improve and share the software – and to use it whenever and wherever they want, without being restricted by vendor lock-in strategies.
FOSS is widely used amongst government bodies and public services. For that reason the European Commission, coordinated by its recently formed Open Source Programme Office (OSPO), has started a series of hackathon and “bug bounty” programmes to help selected projects find (and potentially fix) security issues.
The Commission’s OSPO has set aside €200,000 to reward developers and researchers who find critical security vulnerabilities in free software projects (such as LibreOffice and Mastodon).
Rewards range from €250 up to €5000 for security bug disclosures, with 20% added on top if the researchers also provide a fix for the bug.
This will surely help to further improve the security and reliability of FOSS tools, benefiting everyone from individual users to larger governmental and public bodies, and to make FOSS known to those that haven’t yet discovered how much it has to offer.
Paolo Vecchi, from The Document Foundation’s Board of Directors, which liaised with the European Commission’s OSPO, adds:
It is a real pleasure to see that the European Commission is following up their open source software strategy 2020-2023 with concrete actions. The creation of the OSPO, which is led by very knowledgeable and passionate people, was the first step required to then progress into other programmes, like this bug bounty, which will provide the needed support for an open source ecosystem that has become the foundation of all the platforms and software we use.
The Document Foundation and our community are grateful for the opportunity that has been provided to us to make LibreOffice even more secure and ready to potentially become the preferred open source office suite also within European institutions.
We encourage all developers to head to the bug bounty page and help us to make open source even more secure for all.
To learn more about security in LibreOffice, see here. We’ll post more updates about this programme on this blog and our social media – stay tuned!
Can The Document Foundation approach the European Commission on funding for additional development besides bug bounty fixes under their 2020-2023 strategy? This could be another revenue stream to pursue. There is a very real need to have alternatives to big tech, in this case Microsoft with their office suite.