EU flings €1m at open source security audit wheeze

EU institutions have finally got the memo about it being a good idea to pinpoint and fix security vulnerabilities.

Next year the European Parliament has allocated up to €1m for a project to audit free software programs in use at the European Commission (EC) and the EU Parliament in order to find and repair potential weaknesses.

A further €500,000 is being made available to work on encrypting communications among EU institutions.

Free Software Foundation Europe president Karsten Gerloff, said it was good to see the institutions investing “at least a little in improving the quality and the programs they use.”

However, he added that to make the best use of their efforts, institutions should work closely with upstream developers and make audit results public as soon as possible.

John Sullivan, executive director, Free Software Foundation, said: “Free software cannot guarantee your security, and in certain situations may appear less secure on specific vectors than some proprietary programs. As was widely agreed in the aftermath of the OpenSSL “Heartbleed” bug, the solution is not to trade one security bug for the very deep insecurity inherently created by proprietary software - the solution is to put energy and resources into auditing and improving free programs.”

The EC runs its IT on more than 350 Linux servers. All new web applications are protected by an open source-based solution for authentication, currently serving more than 300 existing web applications, more than 60,000 users and performing more than 10,000,000 authentications on a yearly basis with more than 17,000 different users every day, according to the commish’s informatics department (DG DIGIT).

Within the EC's IT network an open source-based developer collaboration platform hosts more than 770 projects accessed by more than 3,000 developers. ®