The EU-FOSSA project, initiated in 2016 by the European Parliament, aims to improve the security of the open source software used by the European institutions. EU-FOSSA is a pilot project, which means it sets out to find out which methods are most efficient for a large organisation such as ours to work with very diverse open source communities. How do we fit these specific needs into strict procurement and budgeting procedures? How do we make open source development methods our own? All of this serves to improve internal security while making recurrent contributions back to the outside world.
In one of the early tests, we got specialists to go over key parts of open source code that the Commission relies on. We have run a first bug bounty proof of concept, testing the public procurement rules in this new area. We figured out how to make an inventory of all of the open source software actually used (installed) on our computers. Along the way we actively shared project progress and outcomes with the outside world.
In 2019, we ran 15 bug bounty programmes, organised 3 hackathons, and reached out to a handful of other open source projects.
We are ready to share the results and lessons learned from the activities implemented by the EU-FOSSA project: bug bounties, hackathons and communication outreach. We will talk about future prospects, and aim to encourage other organisations that are considering running similar projects.