Case Study: EU-FOSSA achieves stronger protection of critical open-source software with HackerOne

EU-FOSSA - Customer Case Study

HackerOne teamed with the European Commission’s EU-FOSSA 2 project to scale up a bug bounty initiative aimed at improving the security of free and open source software used across EU institutions. Triggered by incidents like Heartbleed and building on a successful pilot, the challenge was to identify and remediate critical vulnerabilities in widely used FOSS while coordinating with multiple institutions and the open source developer community.

The solution used HackerOne’s platform to run targeted bounties across 15 high‑priority projects, defining scopes with each project’s developers, offering incentives (including a 20% bonus for contributors), and organizing hackathons to support fixes. With responsible public disclosure after patches, the programme expanded institutional coverage, deepened community engagement, rewarded contributors, and strengthened the security of the covered open source software.

EU-FOSSA

Saranjit Arora

Project Manager