Skip to main content
News article19 January 2022BrusselsDirectorate-General for Digital Services

European Commission's Open Source Programme Office starts bug bounties

Awards of up to EUR 5000 are available for finding security vulnerabilities in LibreOffice, LEOS, Mastodon, Odoo and CryptPad, open source solutions used by public services across the European Union. There is a 20% bonus for providing a code fix for the bugs they discover.

A new set of bug bounties was launched on 13 of January using the Intigriti bug bounty platform. In total, an amount of EUR 200,000 was funded by the European Commission Open Source Programme Office (EC OSPO) to focus again on the security of open source software widely used by public services.

About this set of bug bounties

Researchers are called to find security vulnerabilities such as leaks of personal data, horizontal/vertical privilege escalation and SQLi. The highest reward will be EUR 5000 for exceptional vulnerabilities and a 20% bonus if the fix is also provided.

One criteria in selecting bug bounties was their use within European public services. LibreOffice, Mastodon, Odoo and Cryptpad amply met this criterion and were therefore selected.

In addition, the EC OSPO decided to select LEOS, a legal editor used by European Commission, Parliament, Council and several member states.

  • LibreOffice is a free and powerful office suite. Its clean interface and feature-rich tools help you unleash your creativity and enhance your productivity.
  • Mastodon is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones.
  • Odoo is an ERP business management solution with a eCommerce and CRM system built in.
  • Cryptpad is a secure and encrypted open-source collaboration platform that allows people to work together online on documents, spreadsheets, and other types of documents.
  • LEOS is a software tool helping those involved in drafting legislation, which is usually a complex process requiring efficient online collaboration.

First things first

The European Commission Open Source Programme Office (EC OSPO) was created in 2020 as the first concrete action of the latest Open Source Software Strategy for 2020-2023. It acts as a facilitator for activities outlined in the strategy and the action plan guided by six principles: open, transform, share, contribute, secure, stay in control. In practice, the Commission aims to reinforce an internal working culture that is already largely based on the principles of open source and achieve the goals of the strategy by the following concrete actions:

  • Set and promote the inner source default;
  • Enhance the software repository;
  • Revise software distribution practices;
  • Enable and create innovation with open source labs;
  • Develop skills and recruiting expertise;
  • Increase outreach to communities;
  • Integrate open source in internal IT governance;
  • Ensure OSS security.
open source bug bounty contest

Details

Publication date
19 January 2022
Author
Directorate-General for Digital Services
Location
Brussels