
FileZilla, the popular file access and transfer software application, has become the latest addition to the Free and Open Source Software Audit (EU-FOSSA) bug bounty project.

Under the terms of the initiative, security researchers have been invited to test the free version of the FileZilla FTP client.

Payouts range from €250 ($285) for low severity bugs, such as information leaks and crashes, to €5,000 ($5,700) for critical remote code execution (RCE) flaws.

Researchers who include a fix in their report can also receive a 20% bonus.

A full technical overview can be found on the FileZilla bug bounty page over at HackerOne.


Unveiled at the tail end of 2018, the EU-FOSSA bug bounty program is rewarding ethical hackers who uncover flaws in key components of open source internet technologies such as Drupal, Apache Tomcat, and VLC Media Player.

The past few weeks have seen numerous additions to the project, including Apache Kafka, Notepad++, and KeePass.

“Finding bugs, which even the best developers sometimes inadvertently introduce, is a task that benefits a lot from having more developers look at the code,” said Tim Kosse, FileZilla founder and team leader.

FileZilla’s EU-FOSSA bug bounty program will run for eight weeks.