EU is going to fund a bug bounty program for 7-Zip, KeePass, Notepad++, VLC Media Player and more
Bug bounty programs — where software bug catchers get rewarded for identifying security holes and disclosing them to the manufacturer — have proven popular and worthwhile, although they do have some downsides.
Bug bounty programs are usually carried out by software manufacturers, who pay to have a chance to fix their mistakes before the bad guys have a chance to clobber their products.
Folks who make open source software don’t have the same presumably-deep pockets as their commercial counterparts. When it comes to bug bounty programs, there’s no bounty to tap.
Enter the European Union. As part of the Free and Open Source Software Audit project, the EU will offer bug bounty programs for several Windows products I use all the time — 7-Zip, KeePass, Notepad++, VLC Media Player — and a bunch of products that I may use indirectly, including Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, FileZilla, FLUX TL, the GNU C Library (glibc), midPoint, PuTTY, the Symfony PHP framework, and WSO2.
As Catalin Cimpanu explains on ZDNet:
Starting with January, security researchers and security companies can hunt vulnerabilities in these open source projects and report them to the bug bounty programs… in the hopes of a monetary reward, if the bug report is approved and results in a patch.