The Belgian platform Intigriti allows hackers to look for vulnerabilities within popular open source software.
Anyone who discovers a vulnerability in a digital service, operating system or other tool is often eligible for a reward better known as a “bug bounty. Companies usually partner with platforms for this purpose with the necessary challenges as well as the amounts associated with them. The more serious the bug, the more money you can earn.
Open source software is almost always excluded from this, because there is no commercial model behind the application and therefore no budget to pay rewards. However, today we use a lot of open source software in our daily lives. The European Commission has therefore freed up a budget to make rewards possible for hackers, according to Datanews.
The Belgian platform Intigriti allows hackers to work on popular software including Cryptpad, LEOS, LibreOffice, Mastodon or the Belgian Odoo. The full list can be found on Intigriti. Per vulnerability, hackers can earn up to 5,000 euros with an additional bonus of 20 percent if you also provide the solution. In total, the European Commission provides a budget of 200,000 euros.
Europe is not at its experimental stage with this project. In 2019, it already launched a similar project for VLC Media Player, PuTTY, Apache Kafka and 7-zip, among others.
The European sponsorship is part of the fourth edition of the Free and Open Source Software Audit (FOSSA) project. FOSSA was first approved by the EU in 2015 after security researchers discovered serious vulnerabilities in the OpenSSL library a year earlier. That open source project is widely used to support HTTPS.