Case Study: European Commission achieves faster vulnerability discovery and stronger open-source security with Intigriti

Securing open source software through crowdsourced security

The European Commission’s Directorate‑General for Informatics (DIGIT), via its Open Source Programme Office under the ISA2 Sharing and Re‑Use action, needed to harden widely used open‑source projects (Moodle, Zimbra and Element/Matrix) and support open‑source communities after high‑profile incidents like Heartbleed. To meet this challenge the Commission engaged Intigriti and its bug bounty platform to run crowdsourced security testing programs.

Intigriti launched three bug bounty programs on 11 January 2021 and, within weeks, researchers submitted reports that included three “critical” vulnerabilities in one project and at least one “high” severity finding across all three projects; these were patched quickly by the communities. Intigriti’s platform (including report pre‑triage and access to its researcher community) accelerated discovery and remediation, delivering measurable improvements in the security of the Commission’s targeted open‑source software.

European Commission

Miguel Díez Blanco

Project Lead Open Source Programme Office