New scheme comes in wake of successful EU-FOSSA campaign

Intigriti launches EU-backed bug bounty program for Matrix secure communications tool

UPDATED Bug bounty platform Intigriti has partnered with the European Commission to launch a new vulnerability rewards program for Matrix, the open source secure communication tool.

Belgium-based Intigriti confirmed on Twitter it was leading the program as part of a fresh drive from the European Commission, the executive branch of the European Union, to secure critical open source software projects.

Read more of the latest bug bounty news

The Foundation, which describes itself as an “open standard for decentralized secure communication”, is asking bug hunters to find vulnerabilities in its messaging tools and projects.

Security researchers are being offered up to €5,000 ($6,000) for discovering flaws in the software. They can also earn a 20% bonus from the European Commission if a viable patch is provided with the vulnerability report.

The scheme is funded under the open source component of the 2020 ISA2 Sharing and Re-use action (2016.31) (PDF), a spokesperson for the European Commission told The Daily Swig.

This is in contrast to earlier reports that suggested it was a third iteration of the EU-FOSSA initiative.

Securing critical projects

The news comes on the heels of the EU’s Free and Open Source Software Auditing (EU-FOSSA) campaign, which was aimed at improving the security of critical open source software used by European institutions and the general public.

The initiative was set up in the aftermath of the 2014 Heartbleed bug, which caused over $564 million worth of damage worldwide.

RELATED Open source community toasts efforts of EU-FOSSA 2 bug bounty program

EU-FOSSA 2, the second iteration of the scheme, kicked off in January 2019 and resulted in payouts of more than $220,000 over 18 months, as researchers disclosed vulnerabilities in VLC media player, the FileZilla file-sharing app, and many more.

This article has been updated for clarity.

READ MORE Introducing – the first website ‘exclusively dedicated’ to revealing security vulnerabilities in malware