EU-FOSSA 2 project has come to an end

EU-FOSSA 2 Project Close

Published on: 23/06/2020 News Archived

The EU-FOSSA pilot project was set up in the wake of the 2014 Heartbleed bug, which caused over €500M of damage worldwide. EU-FOSSA 2, the preparatory action, continued the remit to improve the security of critical open source software used by European Institutions as well as the public.

Now, after over two years of hard work, activities, events and contributions towards the European open source community, the EU-FOSSA 2 project has come to a fitting end. Mário Campolargo, acting Director General, DIGIT, closed the project at the final project steering committee meeting on 2 June 2020.

The DIGIT team, led by project owner Thomas Gageik, Director of Digital Business Solutions, included managers, colleagues and the project team. Former MEP Julia Reda, one of the original sponsors of the EU-FOSSA initiative, was also present, along with MEP Marcel Kolaja, Vice-President of the European Parliament, MEP Andrus Ansip and MEP Eva Kaili.

By all accounts, the project has met its objectives and has been a resounding success! For one, thanks to the EU-FOSSA initiative, our open source software is safer. MEP Andrus Ansip said:

“…Thanks to EU-FOSSA and EU-FOSSA 2 we were able to identify hundreds of
vulnerabilities, and it was much more efficient for the open source software
community, rather than having individuals dealing with those alone…”

Besides safety, the project has deeply influenced the Commission’s thinking about open source, leading to a bolder open source strategy. DIGIT Director of Digital Business Solutions Thomas Gageik declared during his presentation:

“…EU-FOSSA 2 was instrumental in our transition and maturity in terms
of embracing open source principles, and in the way we work…”

Over the last two years, the Commission engaged in previously unimaginable activities such as running bug bounties and hackathons to find and fix bugs. We also built deep relationships with the open source community and debated their key concerns in a workshop. For a relatively small budget, the project covered a lot of ground. Some project highlights include conducting:

  • Fresh inventories of open source software for the Commission and the European Council;
  • A worldwide study on the trends and usage of open source software in public administrations;
  • A study to establish licensing and IT support requirements for future open source projects;
  • 15 bug bounties, which uncovered over 200 bugs, of which 70 were critical/high, and paid out over €200k in rewards to find and fix software vulnerabilities. One vulnerability in PuTTY had lain undiscovered for over 20 years;
  • Three hackathons, for PHP Symfony, Apache Software Foundation projects, and EU internal open source projects, where for the first time the Commission exposed its source code during development;
  • A broad communication campaign covering surveys, conference presentations, meeting open source developers at events and direct contact with micro open source communities.
EU-FOSSA 2 achievements

A key outcome of the project is that we now have a proven and reusable security toolkit, and a much deeper understanding of, and relationship with, Europe’s open source communities.

All MEPs and those present at the meeting recognised that security is not a one-time event, but should be an ongoing programme of activity. Some of EU-FOSSA’s activities will continue under the ISA2 programme. The MEPs promised to support this and other initiatives arising out of the project. To quote MEP and Vice-President Marcel Kolaja:

“…I would be really glad to be part of any future project at least half as successful as this one…”

The final slide of the meeting showed a tagline “May the Source be with EU”.

You can read more about EU-FOSSA 2 here.