For the next two weeks, the European Commission is raising its EU-FOSSA bug bounty awards. It is giving a 50% bonus for critical bugs, and a 30% bonus for other vulnerabilities. This means that certain bugs submitted with a fix can earn a developer up to EUR 45.000.
The EU-FOSSA 2 bug bounty program is now in its fourth month. So far it has received over 400 bug reports and has paid close to EUR 100.000. Some programs have already exhausted their budget and others are expected to end over the next few weeks. So now it is time to focus on the remaining open source solutions. That’s why the European Commission, together with the bug bounty platforms, decided to raise the bounties for a period of two weeks for some of the software programs that have not received as many vulnerability reports. “We hope this gets the attention of these communities to search for security issues. It will also encourage developers to focus on these projects” according to the EU-FOSSA 2 project team.
The reward for critical and exceptional bugs will be raised by 50%. For all other levels of criticality, there will be a 30% bonus. On top of that, if a developer provides a patch for the submitted vulnerability, the current 20% bonus for providing fixes will be applied to this new bounty amount. For example, a developer that finds and fixes an exceptional bug in KeePass could make EUR 45.000.
The EU-FOSSA 2 promotes the scrutiny of open source software intensively used in the European institutions.
Below you can find the link to the programs that are awarding new prizes. They will be effective from 10 to 24 April.