
04.18.19

Freedom is Not a Business and Those Who Make ‘Business’ by Giving it Away Deserve Naming

Posted in Free/Libre Software, GNU/Linux at 7:17 am by Dr. Roy Schestowitz

There’s more money to be made by taking people’s freedom away rather than by giving it to them

Fancy cages are still cages

Summary: Free software is being parceled and sold to private monopolisers; those who facilitate the process enrich themselves and pose a growing threat to freedom in general — a subject we intend to tackle in the near future

WE are closing a little chapter by finishing this series about sponsor-led events (see part 1, part 2, and part 3) that erode software freedom; we shall soon take a closer look at the analogous/accompanying press/media business, namely media coverage in exchange for payments. We already know that the Linux Foundation (LF) has strong ties with particular news sites and LF staff are even on the boards of some of these. Puff pieces “as a service”? A disservice to the trade of journalism.

The LF staff/people/associates keep boasting about it in their “events” brochures, which we published in full earlier this month; they say that a bunch of media coverage will follow. They also sell “thank yous”, E-mail “blasts” (their word) and so on. What next? Telemarketing?

We urge readers to help us research that area (it may seem time-consuming and difficult, but the truth is out there). The LF won’t be cooperative if we ask it about it directly. PR people are evasive and I know from personal experience that the PR staff of the LF are Windows users who use a lot of Microsoft software at the back end and the front end. They have no connection whatsoever to GNU/Linux.

In our previous post we also mentioned LF training, including “training” for Microsoft (Azure). It would be useful to know how these programmes come about and who pays for them (other than the enrolled). It seems like a big business associated with branding professionals, making them “Azure-certified” or whatever (i.e. people who help spread dependence on Microsoft and the NSA). We would like to explore these areas in greater depth, but we depend on help from members/readers. It takes a long time to prepare (i.e. fact-check) articles about that.

Richard Stallman himself recently asked me: “What does “Zemlin’s PAC” mean?”

“About a year ago,” I told him, “seeing that LF was no ordinary foundation and was hardly about Linux anymore — a sentiment shared among journalists whom I spoke to — I decided to refer to it as “Zemlin PAC”, just like “Vista 10” or similar wordplays. When I came up with the name I was thinking of substitution for SuperPAC with the person who they portray as superman, and who uses this position — and trademark — to promote his political agenda too (as he does at LF events).”

We’re not done writing about LF or “Zemlin PAC”, but we truly depend on sources at this moment. We need more. In the meantime we shall cover related topics.

“I’ll think about topics,” said the member about the next issues for us to cover. “One is that in most areas there are no longer any IT departments, the staff have been replaced long ago by Microsoft resellers. So businesses and universities and governments are paralyzed and slowly falling down. Entryism is also a huge threat, as we see even in the LF and OSI lately. There are other targets, some already crippled, but no need naming them.

“GNU/Linux and the other Linuxes are exceedingly popular but only in so far as the software has spread. The Microsoft way of thinking about software is still something to contend with and causing planes to drop out of the sky. What needs to happen is that the ideas behind Linux should spread also, and not just the Four Freedoms but also the idea of doing one thing and doing it well. What other ideas?

“I would hope there are new books to look at. There are three old ones that I’m not sure if I have time to skim through them but I would recommend revisiting at least in part:

  • “Free Software, Free Society: Selected Essays of Richard M. Stallman” (2002) Richard M Stallman.
  • “Rebel Code: Linux and the Open Source Revolution” (2001) Glyn Moody.
  • “The Hacker Ethic and the Spirit of the Information Age” (2001) Pekka Himanen.

“Things were looking up 20 years ago. Some of that can be carried forward, but for most people who have never even heard of a functional computer, they will be difficult to reach both because of aforementioned resellers, UEFI, and lack of prominent examples.”

“In the land of the blind, the one-eyed man is in for one hell of a hard time.”

04.10.19

Guest Post: The Linux Foundation (LF) is “Putting the CON in Conference!” (Part 1)

Posted in Free/Libre Software, GNU/Linux, Microsoft at 6:40 am by Dr. Roy Schestowitz

“I spoke recently with someone who has a lot of experience with boards and explained the LF situation. They said that kind of takeover was so common that it probably could have been foreseen and guarded against, but stopped short of actually saying it quite like that. As for how to fix the situation, no ideas yet.”

Longtime Techrights member


Summary: Proprietary software giants with their sponsorships and gifts are more like Trojan horses or parasites striving to infect the host; how can the LF be protected from them?

THE three prior articles [1, 2, 3] on this particular topic, namely events of the Linux Foundation (LF), provided some essential background or introduction to this. The latest feedback we’ve received concerns Jono Bacon, the subject of the last post. Other people are being named (readers tell us about them), but we’re reluctant to bring shame to them without contacting them in advance (as we did Bacon, who did not respond).

Bacon used to work for Canonical. He now works with the LF (a client of his, by his own admission in a recent blog post), which is selling “tweets” from Bacon. Last week Canonical was advertising for Microsoft (paid press release for “free bait” of proprietary software). We are increasingly worried that Microsoft will buy Canonical in the not-so-distant future, seeing how financial compromise is already threatening the community. Last year Microsoft paid a lot of money to OSI and 2 weeks ago the OSI’s blog posts were even composed by Microsoft staff (inside the OSI’s Board now). What next? What else is for sale? Who will be the next sellout? This is the subject of today’s guest post, which we’ve edited so as to protect identities and organise things a little better.


Volunteers — volunteers — across multiple conferences influencing decisions based on their biases and career goals — one who held IRC sessions on how to submit a winning CfP for LibrePlanet last year — within a few days of the event — published an article in Linux Journal — about how it’s not important — it’s OK — to be proprietary…

RMS took care of it. I was like, “I’m no one’s sweetheart but COME ON!”

How about a conference that charges sponsors and gives them keynotes, articles and even paid tweets by Jono Bacon? Charges sponsors and attendees for what? Hosting a venue and bringing a few names… and little cupcakes?

What about convincing corporate sponsors/partners that they are working on important projects — projects no one uses, really aren’t useful, but are busy at work?

You’re open source now… Faux open source.

Paying other conferences by sponsorship to have their people speak — just so that the presenter looks legit.

Finally, censoring anyone who speaks out about them in — of course — Censorpedia.

Time to rebrand to FOSS.

Anyway, I had an idea of how to combat all this propaganda. I’ve been reaching out to colleges to try to encourage the university LUGs (Linux Users Groups) to have their own yearly conferences/learning workshops. I don’t know if that will help, but then I was thinking of pulling some LUGs in. If you ask [name redacted], he can tell you the story about how he was organizing a Conference, started having issues with the venue and such… and was given an “offer” not to continue doing so.

Dirty business these conferences…

If you take a look at the LF prospectus, you can see that the sponsors get anything from:

  • Keynote slot at the conference
  • Article interview
  • Tweets for $3k by Jono Bacon from his account

Just what seemed like a terrible propaganda factory.

Upon realization that Microsoft was a high-tier sponsor, I decided not to participate in the Make event in Los Angeles sponsored by LF, even though I had a commitment.

No freaking way…

Check out this year’s prospectus. Kimberly Andrews is listed as contact.

I have some notes:

1. [name redacted] was working SCaLE, SeaGL and LibrePlanet
2. [name redacted] was also side by side with [name redacted] many times in the conference presentation evaluation circuit
3. [name redacted], upon receiving a letter of my concern, addressed this to me and not FSF Staff.
4. Linux Foundation receives payments from sponsors and offers keynotes, article interviews, tweets.

See current prospectus. They have been doing this for years. Now, it’s up to $120k for an article and keynote.

In addition to receiving funding from sponsors for Linux Foundation events, the LF charges attendees. So what are they doing, really? Is it just about the money, or is it something more? Is it a stronghold placement and branding — to move along the LF agenda and gain more members?

The credibility of all of the above parties is questionable, regardless of employment status.

When Microsoft became a sponsor for LF events, it was appalling.

After speaking with [name redacted] at [event name redacted], at length, I discovered that many sponsors expect a slot.

Side Note: I have been an event coordinator. In 2001, at Pearson for 2 worldwide events – FL and CA.

2008 – Masters conference at Microchip. Of course, these are companies with internal presenters and such. That’s the difference, right. Still a million-dollar enterprise.

The sponsorship this year at LF — includes diamond level $120k — has again an article in Linux.com.

04.08.19

Jono Bacon Works for Microsoft

Posted in Free/Libre Software, GNU/Linux, Microsoft at 1:58 am by Dr. Roy Schestowitz

He has not responded to our request for comment, either

From the sponsor prospectus (below). “Page 14 shows there are 3 tiers to get a tweet by Jono Bacon,” a reader has alerted us.

Love for sale. Image from October 27, 2018 of Jono Bacon bragging about Microsoft swag on LinkedIn. See the above (or below). One Tier – 2017: “3 Social Media Sponsor Mentions from Linux Foundation and 1 from Jono Bacon’s (OCC Chair) Twitter account”

Summary: Jono Bacon and the Linux Foundation’s work for Microsoft is a subject scarcely discussed as it’s shrouded in secrecy/mystery; but we continue to dig deeper and unearth the ugly business model at hand

TWO prior posts [1, 2] on this topic are essential reading. They explain the reality of Linux Foundation “events” and what they are well beyond “events”.

Many of our readers do not like and do not trust Jono Bacon. They sometimes ask me why I’m still being nice to him. They challenge me over it and question his motivations. A decade ago Bacon invited me to FLOSS Weekly only to attack me on the show (mostly for my criticism of Microsoft). He defended Mono and Miguel de Icaza, among other Microsoft things/people. He and Microsoft had connected beforehand; they tried to hire him at least once before, so why not just ‘rent’ him instead (helps hide the motivations better)?

His modus operandi became clearer to me in recent years. I saw him promoting Microsoft (not just the above). Prior to that he was preaching to people about “open respect” and “politeness” while rapidly and casually attacking people and defending companies that do criminal things. This is the classic case of shielding oneself behind the cloak of “ethics” while attacking those who are actually ethical, painting them as impolite, “toxic”, “racist”, “sexist” and so on.

Here is the full brochure (there’s lots more there other than the above, which mentions Bacon by name).

Stay tuned for future parts. Bacon’s role at the Linux Foundation will become a lot clearer. Many people are hanging around the Zemlin PAC like fish that swim near the shark for some food scraps. Bacon isn’t alone in this; in future parts we may name a few more individuals who have compromised principles for a quick buck.

04.07.19

The Linux Foundation is Selling Tweets, Access, ‘Thank Yous’ and SPAM Services

Posted in Deception, Free/Libre Software, GNU/Linux, Marketing at 4:00 am by Dr. Roy Schestowitz

Imagine that they have the audacity to register as a non-profit/foundation


Here is the collection of these screenshots magnified (can alternatively zoom in over the above image, using the Web browser; this is the whole brochure)

Summary: Zemlin’s PAC has become a PR agency or worse — a lobbying apparatus that monetises the corporate takeover of Free/Open Source software (a quarter million dollars for a few paid “tweets”, speaking slots, “diversity” lip service and much more)

THE FREE software community is under attack. It’s a conquest, an invasion. A few people who enrich themselves are taking into private hands projects that are otherwise the Commons and they pretend it’s all just “love” (as in “Microsoft loves Linux”), “sharing” (to themselves), and “diversity”. Microsoft is already writing blog posts on behalf of the OSI, only a year or so after Microsoft gave a lot of money to the OSI. What next?

In this series we rely on disgruntled insiders who are aware of what’s wrong and understand the immorality. In the above image we tried to keep it concise as there’s lots more (not even in the fine print but in standard fonts, in plain sight). Notice the use of the term pertaining to E-mail; it says “blasts” (the term “blast” is used dozens of times for a lot of events and “products”; what are you, a Linux front group or a marketing SPAM operation?).

Several years ago when their staff contacted me (using Microsoft products, obviously) it was made rather apparent that PR people got contracted, including bulk mailers. Is this what the Linux Foundation boils down to? Maybe.

Here is what we recently wrote about the subject.

This early Sunday post is actually more like an interlude. We’re saving the best for later. We’re still patiently checking the pertinent facts. Our sources have named some of the culprits and we need to check with them in order to avoid making false accusations (about them specifically). To avert accusations of “inaccuracy” and in the interests of right to respond, we wished to find out who was paid to tweet what (no disclosures) at the Linux Foundation with its wingmen and flunkies (the Linux Foundation is contracting from the outside). If we hear something back (or don’t, even after a long wait), we will post the next part. “No comment” means no comment, but readers can reach their own conclusions about refusal to comment or defend oneself.

“I want to write an article called “Putting the CON in Conference!”,” one reader told us last month. If we get all the facts verified, we might publish something as soon as this evening or tomorrow.

04.02.19

Microsoft Linux Entryism: A Roundup

Posted in Free/Libre Software, GNU/Linux, Microsoft at 5:25 am by Dr. Roy Schestowitz


Summary: Interlude and roundup of posts about Microsoft’s entryism-esque strategy, which involves it painting itself as its own competition while silently taking over parts of it (using money and a PR campaign)

THIS year, as planned, by putting aside some USPTO coverage (but not EPO coverage) we’ve freed up some time to cover GNU/Linux matters — more or less like we used to about a decade ago. We recently began a series which is not over yet (it’s work in progress) and we’ve already seen some responses in the form of articles, which themselves attracted comments such as those citing us directly. “When Microsoft acquired The Linux Foundation in 2016, it ceased to be moral,” one comment said in recent days. There are dozens more.

In order to organise matters and put it in a chronological context we’ve decided that, rather than put it all in a Wiki (like we typically do) we’d link back to previous articles. Here are some articles of relevance to this:

We have several more pieces on the way, but we need to be patient until we can verify all the facts (pertinent claims ascertained to be true, for sure). Nobody has yet complained about any inaccuracies. We wish to keep it that way.

02.10.19

Jim Zemlin’s PAC Keeps Raising Money From Microsoft

Posted in Free/Libre Software, GNU/Linux, Microsoft, OSDL, OSI at 12:32 am by Dr. Roy Schestowitz

Today’s Linux Foundation, de facto successor of OSDL, is fronting for proprietary software companies — a very profitable business prospect

Quite a few of the above are former Microsoft employees (document from IRS)

Summary: The Open Source Definition’s author as well as various Free/Open Source software (FOSS) luminaries warn of an attack on FOSS (“efforts to undermine the integrity of open source”); it’s not too hard to see who participates in it or enables such attacks

SOME days ago the media was ‘aflood’ or awash with reports (literally dozens like this one) about Microsoft stepping deeper into the Linux Foundation, spurring backlash and motivating some readers to write to us about it. As one reader once framed it, the Linux Foundation monetises the handover of Linux and pertinent related pieces, composed by volunteers, to the corporations that ‘buy’ these. It is a fantastic “business model” if it can be called that (imagine passing it off as a “charity”, too). Jim Zemlin and his fellow PR people (and accountant) receive outrageously large salaries, based on public filings (see above). We’re talking about something like $600,000 per year, possibly tax-exempt because they pose as a non-profit. The above is from 2015, so these salaries have likely increased since. As Bryan Lunduke pointed out at some point, these people earn even more money than Linus Torvalds himself (the people or person whose trademarks they convert into cash). Is he in it for software freedom or just for the money? Zemlin is not a technical person.

“…recently there have been efforts to undermine the integrity of open source…”
      –OSI
I’ve long attempted to refrain from being too harsh on the Linux Foundation because I recognise we have vastly greater threats out there (threats to software freedom). The question remains, however, how much Microsoft money is too much and when does the Linux Foundation represent the interests of proprietary software companies more than it represents Free software (or “Open Source”) ideals?

OSI, which also received Microsoft money not too long ago, now warns about an effort to “undermine the integrity of open source”. To quote Business Insider’s new article, “one of Silicon Valley’s most important industry groups warns that the definition of the term “open source” must be guarded just as zealously as that of the kilogram — and that “recently there have been efforts to undermine the integrity of open source” by stretching the definition to suit their own self-interest.”

You just know something is very wrong when pro-GPL groups are being made up just to be dominated by serial GPL infringers like Microsoft and VMware. Who’s facilitating it (and profiting from it)? The Linux Foundation. It’s no wonder that the OSI’s Bruce Perens warned a couple of years ago that the Linux Foundation had become an infringers’ club (he was alluding to GPL infringements). His views on OIN weren’t any more flattering. This isn’t some random person but the person who came up with the Open Source Definition and is generally supportive of (and close to) the FSF/Free Software movement.

“I would love to see all open source innovation happen on top of Windows.”

Steve Ballmer, Microsoft CEO

02.06.19

The Evolution of Microsoft Embracing Python Like a Python Snake

Posted in Deception, Free/Libre Software, Microsoft at 3:04 am by Dr. Roy Schestowitz

Many new strides in recent months


Summary: Microsoft’s suffocating embrace is, as usual, targeting the market leader, this time Python (a programming star) and the past few months brought disturbing new developments associated with entryism

THE FOLLOWING tweets, starting 2010 and running until this week, tell the story better than a diagram/picture.

Money talks. Microsoft is buying its position inside Python like it did Apache a decade ago [1, 2].

01.06.19

Pirate Party Championing Free/Open Source Software in Europe

Posted in Europe, Free/Libre Software at 7:28 am by Dr. Roy Schestowitz


Summary: The European Pirate Party is an ally of Free/Open Source software, helping to improve such software not just for Europe but for everyone in the world

AT the end of last month Julia Reda (MEP, Pirate Party) made an announcement which was initially overlooked. Maybe due to the time of the year. But over the next week (and almost a fortnight) news sites caught up with it. See below.

This is definitely a step in the right direction. Not only does the Pirate Party promote copyright sanity (e.g. opposing copyright ‘reform’ which would ban or tax Fair Use like in the links below). It is also an effective proponent/advocate for software freedom.

Related/contextual items from the news:

  1. EU to launch bug bounties for 14 open source projects

    Starting this month the European Commission (EC) will kick off a series of bug bounties aimed at finding and patching security bugs in open source software (OSS).
    Each of the bug bounties, which offer prize pools of between €25,000 and €90,000 (AUD$40,518 and AUD$145,868), target open source programs that are widely used within the EC.
    The EC selected software it would fund bug bounties for based on previous inventories of software usage within the EC and a public survey about what projects should be supported.
    Open source projects that will get EC-incentivised attention in coming months include Filezilla FTP software, the KeePass password manager, Drupal CMS software, and the Apache Software Foundation’s implementation of Java technologies, Apache Tomcat.

  2. EU to offer nearly $1m in bug bounties for open-source software

    The full list of 15 bounty programs includes the file archiver 7-zip, the Java servlet container Apache Tomcat, the content management framework Drupal, the cross-platform FTP application Filezilla, the media player VLC, the password manager KeePass, the text/source code editor Notepad++, plus other popular tools. Rewards start at €25,000 and go on up to €90,000 ($28,600 to $103,000), for a total offered amount of €851,000 ($973,000).

  3. Pirate Party MEP serves up €1m Brussels-backed bug program for open source

    The European Union is ponying up close to €1m under a bug bounty programme spanning a range of open source projects.

    The cash drop represents the latest milestone for the Free and Open Source Software Audit Project (FOSSA) the brainchild of German Pirate Party MEP Julia Reda and her colleague, Max Andersson.

    In a pre-NYE blog post announcing the bounties, and recapping progress on FOSSA, Reda said that, “In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.

  4. EU Offers up to $100,000 in Bug Bounties for Open Source Projects

    The European Commission has provided funding for bug bounties in 14 open source projects it relies on. The bounties are designed to find gaps in its security after a year of successful attacks across the world.

    The idea has roots in the Heartbleed vulnerability, whose discovery in OpenSSL caused a mad scramble and widespread concern. This led to the proposal of the Open Source Software Audit (FOSSA) by Julia Reda.

    The bounties include popular applications like Filezilla, Notepad++, PuTTy, VLC Media Player, KeePass, and 7-zip. They were chosen by a historical look at application usage in the EC and a public survey by Reda.

    Of course, while the discovery of the bugs will aid the European Commission, they’ll play a wider role in protecting the public as a whole. The bounties are open to all on HackerOne and Intigriti, meaning anyone holding on to relevant exploits has a financial incentive to divulge them.

  5. ‘Ethical’ hackers could make up to £80,000 breaking into EU computer software as part of new European Commission security project

    The Commission is funding 15 ‘bug bounties’ in total, with the total prize fund topping £800,000.

    EU officials are looking to paper over the cracks in open source programmes – software available for free online – that the Union uses in its computer systems.

    The full list of programs includes 7-zip, Apache Tomcat, Drupal, Filezilla, VLC, KeePass, Notepad++ and other popular tools used in systems across the globe.

    Rewards for ‘ethical hackers’ who get involved range from £22,000 to £80,000 per bug found, depending on how serious the flaw is.

  6. EU to fund bug bounties

    Ethical hackers could earn up to $100,000 if they can spot vulnerabilities in the free open source software used by the European Union
    The European Union (EU) has set up a bug bounty for 15 applications to help uncover security flaws in the most popular free and open source software on the web.

    Bug bounties are a prize for people who actively search for security issues and the EU is calling on ethical hackers and developers to help find vulnerabilities in the open source projects it relies on.

    The initiative was announced by Julia Reda, a member of the European Pirate Party and the co-founder of The Free and Open Source Software Audit Project (FOSSA), and will see the EU fund 15 bug bounties ranging from $30,000 to $100,000 depending on the software in question and the size of the vulnerability.

  7. The EU opens its own bug bounty program for open source software

    IN PRECISELY 86 DAYS – unless something dramatic happens – Britain’s 73 MEPs will lose their hard-earned (citation needed) European Union salary. For those that want one more hit of EU gravy after handing in the door pass, there is another way: finding bugs in open source software.

    Bug bounties are nothing new, but they tend to be offered by companies with deep enough cash reserves to fund them, for obvious reasons. Facebook, Google, Microsoft and many others essentially pay people to find flaws in their software, so they can patch them before somebody else uses it to cause them bigger headaches further down the line.

    So why is the EU getting in on the act? Simply because it uses open source software, and said programmes rely on the community to catch potential exploits. That’s proved pretty efficient in the past, but with the EU representing the interest of 28 countries – well, 27 and one putting on its coat to leave – one small exploit could cause a lot of big problems.

    As such, German Pirate Party MEP Julia Reda has unveiled the bug bounty program for 15 pieces of software favoured in Brussels and beyond: 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player and WSO2.

  8. EU to fund open-source bug bounty programmes

  9. EU Offers Bug Bounties For 14 Open Source Projects

    The European Commission in January is funding 14 bug bounty programs in hopes of sniffing out vulnerabilities in the free open source projects that EU institutions rely on.

    The bug bounty programs span 14 open source software projects and offers a total of almost $1 million for all bounties combined. The bug bounty programs have varying rewards, start and end dates, and platforms. The first bug bounty programs – for Filezilla, Apache Kafka, Notepad++, PuTTy, and VLC Media Player – begin next week on Jan. 7.

    The initiative stems back to the Free and Open Source Software Audit project (FOSSA), first created by European Parliament member Julia Reda. Reda proposed FOSSA with the hopes of securing open source software, after the Heartbleed vulnerability was discovered in open source encryption library OpenSSL in 2014.

  10. European Union is Encouraging Coders in Open Source Projects with Bug Bounty Programs

    For anyone who has played around with the coding side of things, or even had a peek under the bonnet, names such as notepad++, GNU C library and Putty will be immediately recognizable.

    These are some of the commonly used Open Source Software (OSS); software that is freely distributed with its source code that allows the user to read or modify it. Due to this, they are widely used in IT and programming.

    Appreciating the important purpose they serve, and also the possibility of abuse, Julia Reda, an EU Member of Parliament has announced that the European Commission is launching what they term as “bug bounty programs,” in a bid to encourage and support open source software.

    The Member of Parliament noted that this is part of an ongoing effort, Free and Open Source Software Audit (FOSSA) in a concerted effort to get people to look debug these projects. At this time there will be up to fifteen programs that will be supported, in a bid to make the Internet safer and more reliable.

  11. EU launches Bug Bounty program for 14 free open-source products

    Bug bounty program for 14 of its open source projects will commence from January 2019 while the last one will start from March 1. These programs are sponsored as part of the 3rd edition of the FOSSA project, which was approved by the EU authorities in 2015 after severe vulnerabilities were identified in the OpenSSL library in 2014.

  12. EU to offer bug bounties for finding security flaws in open-source software

    Bug bounties are a way for companies to check the security of their software by offering cash to freelancers who hunt for security exploits and then report them so that they can be fixed. The idea is that everyone benefits from this process: the company gets its software checked by a larger variety of people than they could employ by themselves, the bug hunters get offered legitimate cash for finding a security flaw instead of selling that information on the black market, and the public gets software which has been more thoroughly checked for security issues. Big tech companies like Google and Intel have been running bug bounty programs for years.

  13. European Union announces bug bounty program

    Payouts have ranged from 25.000,00 € for a Digital Signature Services (DSS) vulnerability to 90.000,00 € for a PuTTY vulnerability.

    “The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure,” Reda said in an announcement. “Like many other organisations, institutions like the European Parliament, the Council and the Commission build upon Free Software to run their websites and many other things.”

  14. EU primes open source bug bounty effort

    Security researchers have welcomed a European Union-funded scheme to offer bug bounties on free and open source software projects that begins its roll-out this month.

    The bounty scheme is an extension of the Free and Open Source Software Audit (FOSSA) project, and will reward ethical hackers who uncover flaws in key components of internet technologies such as Drupal and Apache Tomcat as well as consumer utilities such as the VLC Media Player.

    Maximum payouts will range between €25k and €90k under a total of 15 programs, administered by either HackerOne or Intigriti/Deloitte, funded in large part by the EU.

  15. Europe to Fund Open Source Software Bug Bounty Programme

    From Monday 7 January the European Commission (EC) will start paying out bug bounties to security researchers who find vulnerabilities in 14 open source projects.

    The funding pot is part of the EU Free and Open Source Software Audit (FOSSA) project, overseen by the EC’s Directorate General of Informatics (DIGIT).

    The bounty programmes, run on the HackerOne and Intigriti platforms, cover open source software (OSS) used in European infrastructure, including streaming software Apache Kafka, content management framework Drupal and PuTTY, a free SSH and telnet client for Windows.

    But the project has not been without its critics, who have warned it will place a growing workload on volunteer-led projects, potentially alienating code maintainers who will see little personal benefit as a result.

  16. Open Source Software Needs Funding, Not Bug Bounty Programs

    While the European Union’s latest bug bounty program for widely used open source projects sounds like a step towards improving the security of the overall Internet ecosystem, these programs may wind up complicating efforts to secure these applications.

    The European Union has committed to pay €850,000 (nearly $1 million) in bug bounties for vulnerabilities found in 15 open source projects as part of the edition of the Free and Open Source Software Audit (FOSSA) project, said Julia Reda, a member of the European Parliament representing the German Pirate Party. The projects are 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, and WSO2. Six of the projects will accept vulnerability reports until the summer, six until the end of the year, and three will accept reports through 2020. Drupal, a powerful content management system, and PuTTY, a terminal emulator, serial console and network file transfer application, have the largest amounts allocated under this program, at €89,000 ($101,000) and €90,000 ($102,000), respectively.

  17. EU Launches Bug Bounty for 15 Open Source Projects

    Working in partnership with HackerOne and Intigriti, the EU announced that the European Commission will launch a bug bounty program as part of the Free and Open Source Software Audit (FOSSA).

    The third edition of FOSSA will include 15 software programs: 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PHP Symfony, PuTTY, VLC Media Player and WSO2, according to EU Parliament member Julia Reda.

    Reda, who has written extensively about the security risks in OpenSSL, launched the FOSSA project with her colleague Max Andersson in 2015, which is moving into phase three. The first 14 bug bounty projects will commence in January 2019, with the final project beginning in March.

  18. EU to fund bug bounty programs for 14 open source projects starting January 2019

    The 14 projects are, in alphabetical order, 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, and WSO2.

    The bug bounty programs are being sponsored as part of the third edition of the Free and Open Source Software Audit (FOSSA) project.

    EU authorities first approved FOSSA in 2015, after security researchers discovered a year earlier severe vulnerabilities in the OpenSSL library, an open source project used by many websites to support HTTPS connections.

  19. EU Offering Cash Bounty Incentives For Finding Security Flaws in Open Source Tools

    FOSSA aims at bringing together the developer community to ensure better security of open source systems, such as CMS or other standard software used by the EU.

    There are several open-source software that is widely used by the authorities, as well as the public at large. Reportedly some of these are used as part of the EU’s IT Infrastructure, and therefore they are keen on ensuring better security for such projects.

  20. Europe to fund bug bounties for 15 open source programs, including VLC, Drupal and Notepad++

    The full list of programs that will be funded by the EC from January includes a number of popular tools: 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, Notepad++, PuTTY, PHP Symfony, VLC Media Player and WSO2. In March, midPoint will be added to the list.

  21. EU offers bounties to help find security flaws in open source tools
  22. EU puts up bug bounties to find flaws in open source software

    The European Union (EU) has put up a bug bounty for security researchers to spot flaws in the open source software used by the regional bloc.

    In a post on her website, European Parliament member Julia Reda of Germany said the bounty to be launched in 2019 by the European Commission – EU’s executive branch – will cover a total of 15 free and open source software “that the EU institutions rely on.”

  23. EU to fund bug bounties for open source projects including PuTTY, Notepad++, KeePass, Filezilla and VLC

    Why it matters: The internet largely relies on open source projects to survive, but these are often developed by hardworking and charitable developers rather than well-paid employees. An unfortunate consequence of this is that developers simply don’t get the time and resources they require to hunt down the vulnerabilities that are so pervasive in complex code.

    The European Union has recognized this problem, and as part of their Free and Open Source Software Audit (FOSSA) they’ve set up a bug bounty for 15 applications. The bounty ranges from $30,000 to $100,000 depending on the software in question, and of course, on the seriousness of the vulnerability discovered.

  24. European Union to fund bug bounties for leading open-source software projects

    The European Union is an unexpected entrant into the world of bug bounties, funding 14 of them for open-source software projects on which the organization relies.

    Bug bounties are payments provided to security researchers and others who detect and report vulnerabilities in software. The EU’s funding will begin at the start of January.

    Announced late last week by Julia Reda, an elected representative of the EU Parliament, the program will fund bug bounties for a variety of software: 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services, Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player and WSO2.

    The funding will be provided through the Free and Open Source Software Audit project that was approved by the EU in 2015. That project was founded after flaws were found in OpenSSL, the open-source library used for the encryption of internet traffic.

  25. EU to Launch Bug Bounty Program for Open Source Software

    The bounties are offered as part of the Free and Open Source Software Audit project (FOSSA), originally launched in 2015 following the discovery of security flaws in OpenSSL encryption.

    Julia Reda, a German member of the European Parliament, says the bug bounty program will include 14 projects that the EU itself relies on.

    “The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software. The software projects chosen were previously identified as candidates in the inventories and a public survey,” she says.

  26. EU To Offer Almost $1M In Bug Bounties On Open Source Software

    The full list of programs includes 7-zip, Apache Tomcat, Drupal, Filezilla, VLC, KeePass, Notepad++ and other popular tools that the EU institutions rely on, with rewards ranging from €25,000 to €90,000 ($28,600 to $103,000), for a total offered amount of €851,000 ($973,000).

  27. 14 open source projects get EU funding for bug bounty payments

    Starting from the New Year, the European Union has decided to fund bug bounty programmes for a plethora of important open source projects. There are 14 projects covered by this initiative, starting from January 2019. The EU reckons its funding will shore up the integrity and reliability of the internet and other infrastructure, benefitting organisations and institutions not just in Europe, but worldwide.

  28. The EU Opens Bug Hunting Season in 2019 for 15 Open-Source Projects It Uses

    From January 7, 2019, researchers can submit security flaws for Filezilla, Apache Kafka, Notepad++, PuTTY, and VLC Media Player via the HackerOne bug bounty and vulnerability coordination platform. midPoint, a platform for identity management governance, is another product the EU wants to be more secure and offers rewards for vulnerabilities reported through HackerOne, starting March 1, 2019.

    The rest of nine software products for which the EU set up a bug bounty are FLUX TL, KeePass, 7-zip, Digital Signature Services (DSS), Drupal, GNU C Library (glibc), PHP Symfony, Apache Tomcat, and WSO2; security flaws for them are coordinated through Intigriti, a Brussels-based crowdsourced security platform. The security reward programs for these start on January 15 and January

  29. EU to sponsor bug bounty programs for 14 open source projects from January 2019

    Julia Reda, EU member of the parliament, announced, last week, that EU will be funding the internet bug bounty programs for 14 out of the total 15 open source projects, starting January 2019.

    The Internet Bug Bounty programs are rewards for friendly hackers who actively search for security vulnerabilities and issues. The program is managed by a group of volunteers that are selected from the security community. The amount of the bounty depends on how severe the issue uncovered is and the importance of the software. The amount ranges from 25,000,00 Euros and all the way up to 89,000,00 Euros.

  30. EU to fund bug bounty program for top open-source software

    The European Union will help cover the expenses of bug bounty programs for 14 open-source projects according to an announcement made by EU Member of Parliament Julia Reda.

    The projects that will receive funding for their bug bounty programs are 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player and WSO2.

    The bug bounty programs are being sponsored as part of the third edition of the Free and Open Source Software Audit (FOSSA) project.

  31. EU to fund open-source bug bounty program

    Here’s a cool way for white hat hackers to earn themselves some nice greens. The European Union is funding a bounty hunter program for a bunch of open-source projects.

    Starting next year, cybersecurity-savvy individuals can get their hands dirty with a total of 14 projects: 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, and WSO2.
