The European Union and Open Source Software
The European Union (specifically the European Commission, through its department DIGIT) is becoming more visible in its efforts to take part in the open source world.
By organizing hackathons it is starting a direct conversation with open source communities. Two of three events have already been held in Brussels, the most recent one with members of the Apache Software Foundation. The third one will take place at the start of October 2019, and they are looking for a community for this event. For context on what these hackathons are and why the EU is having a conversation with open source communities, it helps to look at what the European Commission's FOSSA initiative is.
The Heartbleed bug in OpenSSL in 2014 really started a bigger discussion about security in open source software. This bug showed that much of the internet, and software in general, depends on small open source projects. The discussion about the importance of security in open source software was brought into politics back then. This basically became the trigger for FOSSA.
In fact there are two programs under the name FOSSA. Let's start with what FOSSA actually stands for: Free and Open Source Software Auditing. The first activities of FOSSA were exactly that: auditing open source software. It started in 2015 after the efforts of two members of the European Parliament, Julia Reda and Max Andersson. The European Commission basically created a budget for compiling a list of open source software used in European institutions and started auditing some of it. The first two open source projects reviewed by FOSSA were the Apache HTTP server and the password manager KeePass.
In 2017 members of the European Parliament secured a new budget and had the project expanded. This became EU FOSSA 2, which added more activities like bug bounties, conferences and the three hackathons. FOSSA 2 is now offering money in the form of bug bounties to researchers who report security issues in critical open source software used in EU institutions. You can find more about that on Julia Reda's homepage.
FOSSA 2 is a preparatory action at the moment, which means it is a kind of experimental activity with a limited timeframe and budget. The European Commission approved a budget to find a way to work on this area of open source. The members of the FOSSA 2 project work on goals and measures that could become a permanent budget item for the European Commission. There is some public information on the work done on the official page, and you can expect more communication to come.
It is a good sign that the EU is strongly considering open source software for new applications used in European institutions. Initiatives like FOSSA show that the EU is trying out different ways to support open source. Members of the Parliament, the Commission, DIGIT and more are supporters of that vision.
Open source has existed for some time now, but in 2019 there is still no clear idea of how to do open source in a sustainable way. The activities of FOSSA show different approaches to supporting open source communities and producing better and more secure software.
If you are interested in open source you should keep an eye on FOSSA activities and their findings.
- This talk from FOSDEM 2018 by Marek Przybyszewski, project manager at EU DIGIT working on FOSSA, gives a good overview of FOSSA 1 and the first parts of FOSSA 2
- Hackathon page
- FOSSA publications
- @EU_DIGIT on Twitter
- Julia Reda FOSSA
- Julia Reda on FOSSA 2 Bug Bounties