Similarities between open source projects and public administrations
Open source software development projects and public administrations have similar concerns about software support. The two also share an approach to classify software requirements, concludes the EU-FOSSA project, a software security audit project on open source by the European Commission and the European Parliament.
Over the past months, EU-FOSSA has been comparing development methods and security concerns in 14 open source communities with those of 14 software projects in the European Commission and European Parliament. The findings were presented in Brussels on 3 June.
Consultants from ICT companies Everis (Spain), KPMG (Italy) and Trasys (Belgium) are proposing a formal process that will let the European institutions contribute the results of their software security reviews back to the open source communities.
Feedback loop
The first reports drafted by the EU-FOSSA project are available in the 'project deliveries' section of the EU-FOSSA website. The main one of these reports is 'Design of the Method for Performing the Code Reviews for the European Institutions'.
This summer, the project will organise a security audit of one open source software component. The European Commission will organise a poll to get open source groups and others to help select the component.
Long-term goals
The EUR 1 million EU-FOSSA project is managed by the European Commission's Directorate-General for Informatics (DIGIT). It was initiated by the European Parliament in December 2014.
DIGIT has made contributing to open source software development projects one of the priorities of its open source strategy.