The European Commission has awarded a framework contract for organising bug bounties on open source software. The contract, signed with two service providers in cascade, will enable the Commission to support open source projects, by organising bug bounties and other vulnerability disclosure activities to identify and fix vulnerabilities.
Bug bounties offer rewards to security researchers who identify vulnerabilities in software.
The European Commission's Open Source Programme Office participated in preparing the framework contract and will soon launch the first round of bug bounties. These are intended to support open source solutions used by the Commission and other public administrations in the European Union.
This first round is organised using information gathered through the ongoing FOSSEPS Preparatory Action.
One of the components of FOSSEPS, an acronym for Free and Open Source Solutions for European Public Services, is to create an inventory of critical open source software used by European public services. This will allow them to ensure that the software they rely on most remains viable. The bug bounty programme will be used to contribute to the goals of FOSSEPS.
Available for all Commission services
This framework contract is available to all Commission services. The goal is to make it easier for any Commission department to use bug bounty activities and related vulnerability disclosure programmes to support the open source projects they are using. The contracted service providers will invite selected security researchers to test open source solutions used by the Commission.
The award notice was published on 19 June.
This is the Commission’s second multi-annual framework contract for bug bounty services around open source software. The first such contract was awarded in 2019, as part of the FOSSA-2 Preparatory Action. That contract was used, for example, to organise bug bounties on open source solutions including KeePass, FileZilla, glibc, and Apache Kafka.
The scope of the new contract also allows bug bounties to be organised for the Commission's internal projects.
More information:
Bug bounty award notice
Bug bounty competition notice
About FOSSEPS 2
About FOSSA-2