The European Union just announced that it will give the source code of the password manager KeePass and Apache Web Server a security audit.
The idea to audit open source software came to life back in December 2014 when two members of the European Parliament suggested an audit for free software used by EU institutions.
The European Parliament allocated one million Euro for a pilot project. It took another 18 months to get started. In the last two months, users were asked to pick two free software programs from a list of open source solutions in use by the European Parliament or the Commission.
The selection list included several well-known open source solutions including Firefox, Apache Web Server, WinSCP, 7-Zip, NotePad++, VLC Media Player, and even Linux (or a component thereof).
The results are in, and the two projects with the most votes are the password manager KeePass and the Apache Web Server.
KeePass is a popular password manager for various operating systems, Apache a widely used HTTP server on the Internet.
While I'm happy that KeePass received nearly one quarter of all votes (23.1%), it is surprising that it and Apache HTTP Server were favored in the survey over Linux or Firefox.
Here is the top ten list:
While KeePass and Apache HTTP Server were picked, the pilot project started work on documents that benefit future code audits as well. The pilot project ends in December, and the EC and EP are currently looking for funds to continue the project.
You can check the methodology page on EU-FOSSA for planned and already available documents. There you will also find published the results of the sample code audit of the two selected open source solutions.
The EU-FOSSA team responsible for the code audit plans to work closely with the owners of the two selected open source solutions.
The EU-FOSSA pilot is to result in a systematic approach for the EU institutions to make sure that widely-used key open source components can be trusted. The project should also allow the EU institutions to contribute to the integrity and security of key open source software. The EC and the EP are looking for funds to continue the project after December, when the pilot will end.
As a user, I would probably have picked Firefox and KeePass as those are the two programs I use the most throughout the day. The list does include more than ten programs that I use regularly though, and I'd like the project to continue to give them all a code audit.
Now You: Which open source solutions would you have picked?