EU-FOSSA 2 - the EU’s open source cybersecurity project ends

The EU-FOSSA 2 project to inventory, audit and improve the security and safety of the most critical open source software in use at the European institutions, has ended.

The project was closed at a final Steering Committee meeting on 2 June 2020 by Mario Campolargo, acting Director-General of DG Informatics of the European Commission in the presence of Marcel Kolaja, MEP and Vice-President of the European Parliament, MEP Andrus Ansip, MEP Eva Kaili, former MEP Julia Reda, and Thomas Gageik, Director for Digital Business Solutions, DG Informatics. They discussed options for building on the work done by EU-FOSSA 2 and re-affirmed their support for future initiatives

The MEPs complimented the project for its results, achievements, and positive impact on the European free and open source software ecosystem. Julia Reda, the first sponsor of the programme, said:

In all the years that I have worked on tech policies in the European Parliament, it was probably the project where there has been most unequivocal positive public reaction to European policy.

EU-FOSSA 2 aimed at exploring innovative methods for finding and fixing open source software vulnerabilities and at connecting with the wider open source developer community. Some of the key achievements of the project include:

• Expanding the scope of the project by connecting with the European Parliament, European Council, European External Action Service, European Economic and Social Committee, Committee of the Regions and the European Investment Bank;
• Fresh inventories of open source software for the Commission and the European Council;
• A comprehensive study on the trends and usage of open source software within public administrations worldwide;
• Establishing Licencing and IT Support requirements for future EU open source projects;
• Fifteen bug bounty programmes resulted in the discovery of 200 hidden bugs, including a 20-year-old bug in PuTTy. The project paid over €200 000 in rewards to ethical hackers.
• Three hackathons took place with open source developers from PHP Symfony, the Apache Software Foundation and the EU internal open source projects. For the first time, the Commission shared its own source code during development with the community. 

EU-FOSSA 2 covered a lot of ground with a relatively small budget. It put the EU firmly on the European open source map and made EU’s open source software safer, while creating a proven security toolkit. Thomas Gageik, Director for Digital Business Solutions, said:

EU-FOSSA 2 was instrumental in our transition and maturity in terms of embracing open source principles, and in the way we work.

The results from the EU-FOSSA 2 project contributed to the upcoming new Open Source Strategy of the European Commission.

More about EU-FOSSA 2.