The EU Will Foot the Bill for VLC Player's Public Bug Bounty Program

The European Union has announced this week that it will foot the bill for a bug bounty program that will run for the benefit of VLC Media Player, an open source cross-platform multimedia player.

The bug bounty program will run on the HackerOne platform and is sponsored by the EU-FOSSA (EU-Free and Open Source Software Auditing) project.

EU-FOSSA paid security audits for Apache server, KeePass

The EU launched the EU-FOSSA project last year with the intent of improving the security of software applications used by EU institutions.

The program received initial funding of €1 million, which it used to run a survey and pay for security audits for the top two projects.

Over 3,800 people voted, and EU-FOSSA paid security audits for the Apache HTTP Server and KeePass projects. VLC ranked third in this survey and was not selected.

EU-FOSSA pays for bug bounty

The EU-FOSSA project was a resounding success and was brought back again for 2017. This time around, FOSSA experts decided to fund a bug bounty program for open-source projects that could not afford one for themselves.

They took submissions during June and July, and this week they announced their selection.

"The European Commission has launched its first ever bug bounty. It will award between EUR 100 and EUR 3000 for bugs found in VLC media player. The programme will run until the first weeks of January or until the bounty budget is exhausted," EU-FOSSA officials said on Tuesday.

"Which bugs will qualify for an award is at the discretion of the VLC team," and "qualified security vulnerabilities will be rewarded based on severity and impact."

EU-FOSSA received funding for €2 million for 2017, but the bug bounty program's budget is capped at €60,000. More details are available on the bug bounty's HackerOne page.