News article | 25 January 2021 | Brussels | Directorate-General for Digital Services

European Commission launches new Open Source Bug Bounties

Awards of up to EUR 5000 are available for finding security vulnerabilities in Element, Moodle and Zimbra, open source solutions used by public services across the European Union. Researchers who also provide a code fix for the bugs they discover receive a 20% bonus.

A new set of bug bounties was launched on 11 January 2021 using the Intigriti bug bounty platform. The bounties, funded by the Commission’s ISA² programme, focus on open source software widely used by European Public Services.

Element (Matrix) is an instant messaging platform used, for example, by public services in France and Germany; Moodle is an eLearning platform widely used by public administrations and universities worldwide; and Zimbra is a popular email server solution that includes group calendars and document collaboration.

This is the second time that the European Commission has organised bug bounties. Between 2018 and 2020 the Commission paid out EUR 200,000 in its first round of bug bounties as part of the EU-FOSSA 2 project. Fifteen bug bounties led to 600 reported bugs, 200 accepted as valid, of which 70 were marked as critical.

About the Open Source Initiative under the ISA² Sharing and Reuse Action

The ISA² Programme supports the development of digital solutions that enable public administrations, businesses and citizens in Europe to benefit from interoperable cross-border and cross-sector public services. The Programme supports several actions under which it develops interoperability solutions that are generally available for free.

The Sharing and Reuse Action (2016.31) promotes interoperability, standardisation, and cooperation among public administrations, eventually leading to faster and more efficient administrative procedures while reducing public expenditure, time and effort for public administrations and public services. In addition to bug bounty programmes, there are other activities under the Sharing and Reuse Action that support the use of open source software by public administrations:

  • New version of Guidelines for Sustainable Open Source Communities in the Public Sector
  • OSS country intelligence reports
  • Series of webinars on different OSS-related topics
  • An open source software inventory to identify Europe’s most critical open source software used across European Public Services
  • A feasibility study on funding mechanisms to sustain and protect Europe’s existing and new open source software
  • Hackathons which bring together open source practitioners to solve software and interoperability issues for European public administrations

Details

Publication date
25 January 2021
Author
Directorate-General for Digital Services
Location
Brussels