Million-Euro bug-hunt starts
The Apache HTTP server and KeePass password manager are to get a free code audit, courtesy of a pilot European Commission project.
The EC-FOSSA (free and open source software auditing project) pilot was conceived by the European parliament in 2014, and given €1 million to work with.
As well as code audits, it’s got the daunting job of creating an inventory of open source software in use throughout the parliament and the European Commission.
EC-FOSSA asked the public to nominate projects for the first audit, and those two were far-and-away the most-nominated, with 23.1 per cent of the 3,282 comments nominating KeePass, and 18.7 per cent favouring Apache.
Linux received just 8.6 per cent of nominations, and those were fragmented, so when it came down to specific components, the greatest number of nominations was for the experts to comb through the glibc library.
EC-FOSSA promises to work closely with Apache and KeePass to make sure that its code review results in genuine contributions to the projects.
That’s partly in response to the Free Software Foundation Europe’s Matthias Kirschner criticising the project earlier this month. The Register notes, however, that only a small part of Kirschner’s complaints would be addressed by EC-FOSSA’s promise.
The code review is, therefore, something of an acid test for the Eurocrats, since they hope to get funding to keep things going beyond the pilot’s December terminus. ®
Sponsored: 2016 Cyberthreat defense report