One of the benefits of #Mastodon being #OpenSource: The EU can help make it more secure.

"Awards of up to EUR 5000 are available for finding security vulnerabilities in LibreOffice, LEOS, Mastodon, Odoo and CryptPad, open source solutions used by public services across the European Union. There is a 20% bonus for providing a code fix for the bugs they discover."
https://commission.europa.eu/news/european-commissions-open-source-programme-office-starts-bug-bounties-2022-01-19_en
#EU #OpenCollaboration

European Commission's Open Source Programme Office starts bug bounties

Ethical hackers wanted, for fixing bugs in LibreOffice, LEOS, Mastodon, Odoo and CryptPad.

European Commission
@noellopez
While this originally appeared a good thing (it was a cool hack pioneered by @senficon to get at least some funding for #OpenSource), the fact that 7 years after the inception of FOSSA the EU still hasn't found a way to pay the maintainers to fix the bugs they are paying to have found is a problem.
Feedback from The Apache Software Foundation on the Free and Open Source Security Audit (FOSSA) - The Apache Software Foundation Blog

by Dirk-Willem van Gulik <dirkx(at)apache(punto)org> December 2016, v1.09 Background The important role of open source software in key infrastructures was brought to collective attention by two major security vulnerabilities in the core of the internet infrastructure. Heartbleed and Shellshock of 2014 caused significant concern. It made a lot of people realise how important the collective […]

The Apache Software Foundation Blog

@msw @webmink @noellopez @senficon This matches my experience on Samba.

The code I feel the biggest need to review carefully is entitled 'fix coverity #xxxx' or 'address compiler warning with -O3 on yyy' (where that is often a really new or really old gcc).

Perhaps it was through early access to Coverity (which is actually really good at spotting issues, even if I want to look at the fixes carefully) that, thankfully, Samba has not had floods of such low-quality reports.

@abartlet @msw @webmink @senficon @dvdjaco Thank you all for sharing your knowledge and experience. I found it very informative. The EU does also provide direct funding to Mastodon and other open-source projects through NGI, and it would be good to see them expand on this.
https://www.ngi.eu/blog/2022/11/24/how-ngi-supports-open-interoperable-decentralised-and-trust-based-internet-applications-through-fediverse-projects-like-mastodon/
How NGI supports open, interoperable, decentralised and trust-based Internet applications through Fediverse projects like Mastodon

Within the Next Generation Internet Initiative, we have been working towards alternative futures for the internet to create a resilient, trustworthy and sustainable internet. These alternate futures have one thing in common: they are based on technology commons: open standards, free and open source software and hardware, and open data.

Next Generation Internet
@webmink @noellopez @senficon
My thoughts exactly. Bug/vulnerability bounties are very much needed, but the EU needs to find other ways to show long term commitment with key #FreeSoftware projects and communities.
@noellopez EU offers practical support for the #fediverse. Good thinking.
@noellopez EU governments use open source software?
@kestrel there’s even an official Mastodon instance: https://social.network.europa.eu/@EU_Commission
European Commission (@EU_Commission@social.network.europa.eu)

2.22K Posts, 5 Following, 102K Followers · News and information from the European Commission. Part of an EU pilot project for supporting and using social media platforms based on open-source software. 🇪🇺 Official Mastodon account, as verified by: • The official EU domain in our server’s address: https://europa.eu • The European Union social media directory: https://europa.eu/!cqPgxB

EU Voice
Open source software strategy

The European Commission will encourage and leverage the transformative, innovative and collaborative power of open source.

European Commission

@noellopez *finds a CVE in Funkwhale but no money pain noises* 

Apart from that, super cool from the EU!

@noellopez is this open only to EU residents or worldwide?

@stefpac This was from earlier this year. I shared this as an example of the advantages that open-source software has over proprietary software.

But I think it was open to everyone. This is the service that the EU used, and there are other bug bounties available on there too: https://www.intigriti.com/

Bug Bounty & Agile Pentesting Platform

Intigriti is a global bug bounty platform, helping enterprises secure systems with ethical hackers, VDPs, and penetration testing.

Intigriti
@noellopez wouldn’t it be great if the EU sponsored a Mastodon server for all Europeans to connect? The rules should be that you can have an account under any name as long as your identity can be proved.
@ruudp Yeah, I think it would be great if governments funded federated social networking as a public service!
@noellopez open source doesn't need the guidance of the EU... The EU needs to learn and follow open source, #blockchain, #fediverse in order to achieve true federation, if that is the case.
@noellopez 💵💸💰💲maybe???

@misskoula I think the EU is providing support more than guidance.

"NGI will keep nurturing diversity and decentralisation of the internet infrastructure. We see the potential for a sustainably open environment for our societies and economies, celebrating our values, promoting creativity, and achieving the next generation of the internet that is reliable, secure and energy efficient. Discover NGI solutions to see over 700 funded innovators re-inventing the internet."
https://www.ngi.eu/blog/2022/11/24/how-ngi-supports-open-interoperable-decentralised-and-trust-based-internet-applications-through-fediverse-projects-like-mastodon/