The EU has announced a nice amount of funding for 14 open-source projects as part of the 3rd FOSSA,
The 14 projects that they have listed, in a tidy alphabetical order are – 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, and WSO2,
These applications build on the previous 2 FOSSA events adding a huge selection of open source applications for audit, if you haven’t heard of some of these they are well worth checking out!
FOSSA returns for its third edition with budgets for 14 bug bounty programs, with the highest budgets being reserved for PuTTY and the Drupal CMS.
Software Project | Bug Bounty Amount (Euro) | Start Date | End Date | Bug Bounty Platform |
---|---|---|---|---|
Filezilla | 58.000,00 € | 07/01/2019 | 15/08/2019 | HackerOne |
Apache Kafka | 58.000,00 € | 07/01/2019 | 15/08/2019 | HackerOne |
Notepad++ | 71.000,00 € | 07/01/2019 | 15/08/2019 | HackerOne |
PuTTY | 90.000,00 € | 07/01/2019 | 15/12/2019 | HackerOne |
VLC Media Player | 58.000,00 € | 07/01/2019 | 15/08/2019 | HackerOne |
FLUX TL | 34.000,00 € | 15/01/2019 | 15/10/2019 | Intigriti/Deloitte |
KeePass | 71.000,00 € | 15/01/2019 | 31/07/2019 | Intigriti/Deloitte |
7-zip | 58.000,00 € | 30/01/2019 | 15/04/2020 | Intigriti/Deloitte |
Digital Signature Services (DSS) | 25.000,00 € | 30/01/2019 | 15/10/2019 | Intigriti/Deloitte |
Drupal | 89.000,00 € | 30/01/2019 | 15/10/2020 | Intigriti/Deloitte |
GNU C Library (glibc) | 45.000,00 € | 30/01/2019 | 15/12/2019 | Intigriti/Deloitte |
PHP Symfony | 39.000,00 € | 30/01/2019 | 15/10/2019 | Intigriti/Deloitte |
Apache Tomcat | 39.000,00 € | 30/01/2019 | 15/10/2019 | Intigriti/Deloitte |
WSO2 | 58.000,00 € | 30/01/2019 | 15/04/2020 | Intigriti/Deloitte |
midPoint | 58.000,00 € | 01/03/2019 | 15/08/2019 | HackerOne |
Starting with January, security researchers and security companies can hunt vulnerabilities in these open source projects and report them to the bug bounty programs linked above, in the hopes of a monetary reward, if the bug report is approved and results in a patch.