![Page 1: OSS workshop in the European Parliament · 2019-05-20 · • Fix already known bugs ... • PuTTY • Filezilla • Notepad++ • Drupal • WSO2 8 • Apache Kafka • PHP Symfony](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea1cc556545b717e1056e2f/html5/thumbnails/1.jpg)
EU-FOSSA 2
OSS workshop in the European Parliament
Marek Przybyszewski
May 16, 2019
The EU-FOSSA journey
• Initiative
• Pilot project: EU-FOSSA (2015-2016), € 1 M
• Preparatory action: EU-FOSSA 2 (2017-2019), € 2.6M
• Standing EU activity
The pilot project
• Inventory of FOSS used at the EC
• Public survey
• Formal code reviews
Lessons learned
• Methodology works and code reviews useful (but...)
• What about fixing bugs?
• Improve cooperation with communities
OSS criticality ranking
• Criticality index
• Relation with security
• Number of instances
• Exposure to end user
Public survey
• June 2016
• 3.282 participants
• Top 3
• KeePass 23.1%
• Apache HTTP Server 18.7%
• VLC Media Player 8.8%
For EU-FOSSA 2 we set out to…
• Increase the scope
• Launch 15 Bug Bounties
• Organize 3 Hackathons
• Fix already known bugs
• Work in closer cooperation with developer communities
• Develop a communication strategy
15 bug bounty programmes
Bug bounties in full force
• VLC
• MidPoint
• PuTTY
• Filezilla
• Notepad++
• Drupal
• WSO2
• Apache Kafka
• PHP Symfony
• KeePass
• 7-zip
• glibc
• Apache Tomcat
• DSS
• FLUX TL
Main results:
• 474 bugs reported
• 131 bugs accepted
• 15 bugs high or critical
• EUR 137.000 paid
Bug bounties framework contract
• 3 vendors selected via public procurement tender:
• The Framework contract may be used by other DGs to organize their own bug bounties.
European Commission can test its open source software.
Hackathons
Dedicated website: https://eufossahackathon.bemyapp.com/
PHP Symfony | 6-7 April
• 60 participants
• 230 issues addressed or resolved
• 900 references on Twitter
Hackathons
Apache Software Foundation | 5/6 May
• 30 participants from 5 communities
What else is inside EU-FOSSA 2?
New studies and innovations
• Updated inventories
• Reinforcing OSS Strategy
• IPR and IT support study
• Improving Drupal’s security
Brand touchpoints
• Brand refresh - new logo and visual identity
• Website
• Goodies
• Coordination of comms efforts on:
• Hackathons
• Bug bounties
• Internal / external promotion
Media interest
• Overwhelming coverage by media, both technical and generalist publications
• Over 117 news articles published on EU-FOSSA 2 in the past 5 months
• Content with the most successful performance on DIGIT’s Twitter account
EU-FOSSA 2 - the ultimate goal
• Improve security of open source software
• EU institutions working with open source software communities
• Make investment into the security of open source software a permanent action of the EU