The European Parliament approved a budget increase for auditing the open source software used by its institutions. The budget also covers a new bug bounty program, which is meant to encourage outside security researchers to report bugs in software that the European Union uses in its IT infrastructure.
Two years ago, Swedish Green Party and “European Free Alliance” members Julia Reda and Max Andersson, proposed an audit of the “free” (as in freedom) software that runs in EU’s institutions. Recent data breaches in large companies, as well as the U.S. OPM hack, have shown just how important digital security has become in the modern Internet age.
Finding bugs and other security weaknesses in critical software used by important EU institutions needed to become a priority as well, because otherwise citizen data or the functions of the EU administration could have been at high risk.
The free and open source software audit (FOSSA) project seems to have already surpassed expectations, as it has not only increased security for the software used by EU IT infrastructure, but it has also led the EU to develop its own criteria for assessing the quality of free software.
The EU first funded the audit with one million euros, and that sum has now almost doubled to 1.9 million euros. However, the new budget will also cover a new bug bounty program proposed by Dutch MEP Marietje Schaake:
“Bugs or flaws in software are used by criminals to infiltrate computers and entire ICT networks,” said Marietje Schaake, a member of the Alliance of Liberals and Democrats for Europe.
“The EU institutions must do what they can to have the most robust security. A bug bounty programme incentivises the discovery of software bugs through handing out financial rewards to every security researcher that is able to spot such a bug. This programme will allow for a much broader involvement of the security community in the common objective of ensuring a more secure IT infrastructure,” she added.
Over the next three years, the MEPs behind the FOSSA and bug bounty projects will reach out directly to free software developers and security professionals to build up the next generation of coders. By then, the EU may also permanently fund the audit and bug bounty. Right now, they are still only pilot projects, and it takes a couple of stages for projects to prove themselves worthy of continuous EU funding.