Program will pay researchers to find security flaws in open source software
Köln, Germany —29 January 2019— FileZilla®, the popular cross-platform file access and transfer software application, has joined the EU-funded bug bounty program to make open source software more secure.
The European Commission, which proposes and enforces laws for the European Union, has made treating critical open source software as a public good a top priority. Realising the importance of the security and reliability of all digital infrastructures was the driving factor behind the Commission’s decision to identify open source programs that are critical to the European Commission, and to fund initiatives to make them more secure.
FileZilla is proud to announce it has been elected to participate in the program, called the EU-Free and Open Source Software Auditing project (EU-FOSSA 2). The bug bounty program will pay prizes to software developers who identify security bugs in open source software in use by the EU, covering both security-related software and software with a large user base.
Previous EU-FOSSA deliverables listed all open source programs that are potentially critical due to their presence and use at the European Institutions, and FileZilla made it to the EU’s OSS shortlist ranking.
“Finding bugs, which even the best developers sometimes inadvertently introduce, is a task that benefits a lot from having more developers look at the code,” said Tim Kosse, FileZilla founder and team leader. “As software developer and author Eric S. Raymond famously said, ‘Given enough eyeballs, all bugs are shallow.’”
Kosse continued: “The challenge, however, lies in attracting these eyeballs. As such, backing bounty programs to make sure popular open source applications like FileZilla are safe to use is a great thing.”
Researchers who find bugs in OSS programs will receive prizes from the European Commission ranging from 25,000 to 90,000 euros. FileZilla hackable targets can be found at the following page: https://hackerone.com/filezilla_h1c/
“As maintaining and enhancing a program like FileZilla requires a lot of time and dedication, we created a pro version to match professionals’ needs and to fund the project, so everyone buying FileZilla Pro helps us to keep working on FileZilla,” said Roberto Galoppini, Director of Strategy at FileZilla. “Depending on the outcomes of this initiative, we might decide to fund bug bounties ourselves, as our users’ and customers’ security is paramount to us.”
About FileZilla Pro
FileZilla Pro allows system administrators, Web developers, designers, and other professional users to transfer files across all types of remote servers and computing environments. For more information about FileZilla Pro services, visit https://filezillapro.com.
© FileZilla. All rights reserved. FileZilla and the FileZilla logo are registered trademarks in the USA and the European Union. All other brands and trademarks are the property of their respective owners.
# # #
CONTACT:
Roberto Galoppini
social@filezilla-project.org