The European Union has announced a series of bug bounty programs for free and open source software, including popular applications like VLC Media Player, FileZilla, PuTTY, and 7-Zip.
The financial rewards will be offered to security researchers who discover vulnerabilities in the 14 projects that the EU has included in this first stage of the program.
The bounties are offered as part of the Free and Open Source Software Audit project (FOSSA), originally launched in 2015 following the discovery of security flaws in the OpenSSL encryption library.
Julia Reda, a German member of the European Parliament, says the bug bounty program will include 14 projects that the EU itself relies on.
“The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software. The software projects chosen were previously identified as candidates in the inventories and a public survey,” she says.
Bug bounties up to 90,000 Euros
Most of the bug bounties kick off in January next year and expire in 2019, but there are also programs that last until 2020. You can check out the table below for full dates.
The bounties paid to security researchers begin at 25,000 Euros for vulnerabilities found in Digital Signature Services (DSS) and go all the way up to 90,000 Euros for flaws discovered in PuTTY. A security hole in VLC Media Player is worth 58,000 Euros.
Further information on the bug bounty programs will be provided in the coming days, as the first projects kick off in approximately one week.
While resolving critical security vulnerabilities would help the European Union first and foremost, users will benefit from this work as well, especially as the list of supported projects includes very popular products like VLC Media Player.