EU-FOSSA project enters its final phase

Jul 22, 2016 12:15 GMT

The European Commission announced on Wednesday that its IT engineers would provide a free security audit for the Apache HTTP Server and KeePass projects.

The EC selected the two projects following a public survey that took place between June 17 and July 8 and that received 3,282 answers.

The survey and security audit are part of the EU-FOSSA (EU-Free and Open Source Software Auditing) project, a test pilot program that received funding of €1 million until the end of the year.

EU-FOSSA funded until December 2016 only

EU-FOSSA administrators used two criteria to make their choice: how much the software is used inside and outside of the EU institutions, and how critical the software is to the institutions and their users.

The program's goal is to increase the security of Free Software used by the European institutions. The project was proposed in 2014 by Julia Reda, member of the European Parliament for the German Pirate Party.

The actual security audit will be carried out by contractors hired by the IT departments at the European Commission and the European Parliament, Sebastian Raible, computer scientist and assistant for Julia Reda, told Softpedia.

Worries that EU-FOSSA would produce unreadable, bureaucratic reports

Following the announcement of the survey results, Matthias Kirschner, Vice-President of the Free Software Foundation Europe, said he was worried that the security audit would translate to a "set of consultancy reports that nobody would ever read."

As a reply, EU-FOSSA representatives said they would be working in close cooperation with the two selected projects to make sure the engineers produce usable reports that contribute to the overall security of the two applications.

The EC also claimed that it would be looking for funds to continue the project beyond December 2016.

Other projects considered in the survey included MySQL, Git, ElasticSearch, FileZilla, WinSCP, OpenSSH, Notepad++, Firefox, 7-Zip, VLC Media Player, Glibc, the Linux kernel, Apache Tomcat, Bouncy Castle, OpenSSL, Drupal, VeraCrypt, Apache Commons, and the TYPO3 CMS.

UPDATE [July 25, 2016]: Added statements from Mr. Raible.
