Europe bets on bug bounties in fraud fight
The European Commission (EC) is beginning the new year with a major commitment to fight fraud – and is turning to the world of white hat hackers to help them do it, reports David Penn at Finovate.
The EC has allocated up to €850,000 ($966,000) for bug bounties: cash awards to programmers, developers, and others who are able to identify security vulnerabilities in 14 open source projects.
The EC’s bug bounty programme will run in part via the platform provided by ethical hacking company HackerOne.
The programmes will cover open source software common in European infrastructure including streaming software Apache Kafka, content management framework Drupal, and a free SSH and telnet client for Windows called PuTTY.
In addition to HackerOne, the ethical hacking and bug bounty platform Intigriti will also be used for some projects.
The funds for the programme come from the EU Free and Open Source Software Audit (FOSSA) project run by the EC’s Directorate-General for Informatics (DIGIT).
The initiative was launched in 2014 by German politician, EU parliamentarian, and Pirate Party member Julia Reda, after security vulnerabilities were found in key open source software projects including the open source encryption library OpenSSL.
“The Internet is built on free and open source software,” says Reda. “It is part of our everyday lives. Therefore the European Commission and public administrations in general have a responsibility to ensure its stability, reliability and security – by investing in it.”
The EU bug bounty programmes for HackerOne begin this week and run through mid-August for projects involving FileZilla, Apache Kafka, Notepad++, midPoint, and VLC Media Player, and until mid-December for PuTTY.
Last fall/autumn, HackerOne announced that it had secured a million-dollar bug bounty contract with the Technology Transformation Service (TTS) of the US General Services Administration.
Over the summer, HackerOne worked with the US Department of Defense as part of its “Hack the Marine Corps” initiative to improve the cybersecurity of the public-facing websites on the Marine Corps Enterprise Network (MCEN).
Founded in 2012 and headquartered in San Francisco, HackerOne has raised $74 million in funding. The company includes New Enterprise Associates, Benchmark, and Dragoneer Investment Group among its investors.