The European Commission launches its first bounty bug with VLC

Discussion in 'IT / Hacker News' started by Rfosgitt, Dec 10, 2017.

  1. Rfosgitt

    Rfosgitt New Member


    The European Commission has announced its first bug bounty program. The initial beneficiary of this vulnerability and exploit search will be the VLC media player, possibly the most popular in its field.

    This measure is part of the EU-FOSSA program (EU-Free and Open Source Software Auditing), which has an annual budget of 1.9 million euros. EU-FOSSA has among its objectives, to improve the security of critical open source projects, for use by the institutions of the European Union, as well as the general public.

    Among the activities already carried out, there are audits of programs such as the KeePass password manager and the Apache web server (both were selected through a public survey, in which VLC was third).

    The VLC bounty bug will be made through the specialized HackerOne platform and will initially be executed in a restricted manner. Only security experts who have been invited by VLC will have access, taking into account their reputation and participation in similar programs.

    After the first three weeks, it will be open to anyone who wants to participate, examining the VLC code and communicating any errors that may be detected.

    The amount of the rewards ranges between 100 and 3000 euros, being able to present the vulnerabilities detected until the end of January. That is, provided that the money budgeted for that purpose is not exhausted beforehand.

    The VLC team will at its discretion qualify the errors presented, which will be rewarded according to their severity and impact.

    VLC is free and cross-platform software, being available for the main desktop and mobile operating systems. We hope that this audit will help to make it even better and safer, especially its new version VLC 3.0, which should be available shortly.

Share This Page