Friday, December 19, 2014

1 million euros in EU funds for free software code reviews in 2015 – Netzpolitik.org

It is only a drop in the bucket, but still a first small success for Julia Reda, MEP of the Pirates in the Green Party:

26 03 77 02 Pilot project – governance and quality of software code – Auditing of free and open source software

It would make sense for governments and industry to spend a lot more money on reviewing the most critical infrastructure. Everyone would benefit from that, and the network would be more secure.

The draft budget document reads as follows (page 732):

Recent discoveries of vulnerabilities in critical information infrastructure have drawn the broader public’s attention to the need to understand how governance and quality of the underlying software code relates to basic safety and public trust in applications that are used on a day-to-day basis. As both the general public and the EU institutions regularly use free and open-source software – from user terminal device applications to server systems – the need for coordinated efforts to ensure and maintain the integrity and security of software has been highlighted by the European Parliament itself. This pilot project will offer a systematic approach to achieving a goal to which the EU institutions themselves can contribute, namely ensuring that widely used critical software can be trusted.

The pilot project has three parts:

Part one comprises a comparative study and a feasibility study. The comparative study will analyze and compare the Debian Free Software Guidelines and social contract [0] compliance decisions in Debian [1] with current code-sharing practices and compliance determinants within the activities of the Commission’s vulnerability test center and CITnet’s application lifecycle management system relating to which projects are currently funded by ISA and published on JoinUp [2]. This study will therefore make a general assessment of the Commission’s current code governance models and identify processes similar to processes within Debian. The aim is to develop best practices with regard to code review and code quality assessment for the purpose of mitigating security threats, in particular in activities relating to free software and open standards funded by the European Union. The feasibility study will identify agents and stakeholders, estimate time frames and funding models, and determine deliverables and long-term impacts in, of and for projects where examined best practices could be applied.

The second part of the pilot project will cover the development of a unified inventory methodology for the Commission and Parliament in particular and the compilation of a full inventory of free software and open standards in use within all the EU institutions. The inventory will provide a basis for determining where the results of the first part of the pilot project could successfully be applied.

The third part will involve an exemplary code review of software and software libraries that are in active use both by the general European public and by the EU institutions. This part of the pilot project will identify and focus in particular on software or software components whose exploitation could lead to a severe disruption of public services or the EU and unauthorised access to personal data, forming the basis for a public tender on this matter.

[0] https://www.debian.org/social_contract
[1] http://cfnarede.com.br/sites/default/files/infographic_debian-v2.1.en.png
[2] https://joinup.ec.europa.eu/

Legal basis

Pilot project within the meaning of Article 54 (2) of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002 (OJ L 298, 26.10.2012, p. 1).
