The European Commission announced on Wednesday that its IT engineers would provide a free security audit for the Apache HTTP Server and KeePass projects.
The EC selected the two projects following a public survey that took place between June 17 and July 8 and that received 3,282 answers.
The survey and security audit are part of the EU-FOSSA (EU-Free and Open Source Software Auditing) project, a test pilot program that received funding of 1 million until the end of the year.
EU-FOSSA funded until December 2016 onlyEU-FOSSA administrators used two criteria to make their choice. How much the software is used inside and outside of the EU institutions, and how critical the software is to the institutions and its users.
The program's goal is to increase the security of Free Software used by the European institutions. The project was proposed in 2014 by Julia Reda, member of the European Parliament for the German Pirate Party
The actual security audit will be carried out by employees of the IT departments at the European Commission and the European Parliament.
Worries that EU-FOSSA would produce unreadable, bureaucratic reportsFollowing the announcement of the survey results, Matthias Kirschner, Vice-President of the Free Software Foundation Europe, said he was worried that the security audit would translate to a "set of consultancy reports that nobody would ever read."
As a reply, EU-FOSSA representatives said they would be working in close cooperation with the two selected projects to make sure the engineers produce usable reports that contribute to the overall security of the two applications.
The EC also claimed that it would be looking for funds to continue the project beyond December 2016.
Other projects considered in the survey included mysql, Git, ElasticSearch, FileZilla, WinSCP, OpenSSH, Notepasd++, Firefox, 7-Zip, VLC Media Player, Glibc, the linux kernel, Apache Tomcat, BounchyCastle, OpenSSL, Drupal, VeraCrypt, Apache Commons, and the TYPO3 CMS.
Criteria for selecting the two programs
