Exciting news for some lucky free/open source projects! The European Commission has announced they will be awarding between 3000 EUR and 25,000 EUR for anyone reporting security vulnerabilities in certain free/open source projects. There’s a 20% bonus for anyone who finds and fixes a security issue too!

Before this, the European Commission conducted an inventory of the open source projects that they use. After, they conducted a code review of two key projects, KeePass (used for storing and generating random passwords) and the Apache web server (which is still heavily used).

Also, the European Commission is planning to host 3 hackathons in 2019.

Here’s the list of free/open source projects that are part of the Commission’s bug bounty program:

• KeePass, password manager
• Notepad++, text editor
• Filezilla, FTP client
• Apache Kafka, distributed streaming platform for real-time data feeds
• PuTTY, client for SSH and telnet and SCP
• VLC, video/media player
• Apache Tomcat, web application server
• PHP Symfony, web framework
• WSO2,
• Drupal,
• 7-zip, popular unzip/compression tools
• DSS
• FLUX TL
• glibc
• midPoint