The European Commission is beginning the new year with a major commitment to fight fraud – and is turning to the world of white hat hackers to help them do it. The EC announced this week that it has allocated up to €850,000 ($966,000) for bug bounties: cash awards to programmers, developers, and others who are able to identify security vulnerabilities in 14 open source projects.
The EC’s bug bounty program will run in part via the platform provided by FinDEVr alum and ethical hacking platform HackerOne. The programs will cover open source software common in European infrastructure, including the streaming software Apache Kafka, the content management framework Drupal, and PuTTY, a free SSH and telnet client for Windows. In addition to HackerOne, the ethical hacking and bug bounty platform Intigriti will also be used for some projects.
Above: HackerOne co-founder Michiel Prins during his presentation on ethical hacking and bug bounties at FinDEVr London 2017.
The funds for the bug bounty program come from the EU Free and Open Source Software Audit (FOSSA) project run by the EC’s Directorate-General for Informatics (DIGIT). The initiative was launched in 2014 by Julia Reda, a German politician, EU parliamentarian, and Pirate Party member, after security vulnerabilities were found in key open source software projects, including the open source encryption library OpenSSL.
“The Internet is built on Free and Open Source Software,” said Reda (pictured). “It is part of our everyday lives. Therefore the European Commission and public administrations in general have a responsibility to ensure its stability, reliability and security – by investing in it.”
The EU bug bounty programs on HackerOne begin next week and run through mid-August for the projects involving FileZilla, Apache Kafka, Notepad++, midPoint, and VLC Media Player, and until mid-December for PuTTY.
HackerOne participated in our developers conference, FinDEVr London 2017. Co-founder Michiel Prins presented Tapping Hackers to Improve Security, which introduced the concept of ethical “white hat” hackers and bug bounty programs as a way for institutions to uncover security vulnerabilities in their networks and systems.
Last fall the company announced that it had secured a million-dollar bug bounty contract with the Technology Transformation Service (TTS) of the U.S. General Services Administration. Over the summer, HackerOne worked with the U.S. Department of Defense as part of its Hack the Marine Corps initiative to improve the cybersecurity of the public-facing websites on the Marine Corps Enterprise Network (MCEN).
Founded in 2012 and headquartered in San Francisco, California, HackerOne has raised $74 million in funding. The company includes New Enterprise Associates, Benchmark, and Dragoneer Investment Group among its investors.