SoylentNews is people

posted by janrinok on Thursday December 25 2014, @01:13AM
from the just-making-sure dept.

Member of the European Parliament Julia Reda blogs

Security and liberty don't have to be opposites. I want the European Union to focus its energy and funds on projects that increase both the safety and the autonomy of its people at the same time. At my proposal, next year's EU budget will include a step in that direction:
€1 million of the EU's €40 million pilot project fund will be spent towards open source software security.

The European Union's interoperability page says

The European Parliament is funding a security audit of the free and open source solutions used by the Parliament and the European Commission. Last Wednesday, the EP allocated €1 million for the audit project, to be carried out by the EC Directorate General for Informatics (DIGIT). The project should also come up with best practices for code review and quality assessments of free software and open standards funded by the EU.

Related Stories

Reda Report Adopted: A Turning Point in the EU Copyright Debate 24 comments

Julia Reda, the only Pirate in the European Parliament, who has been mentioned here in various contexts, now blogs with more good news.

[June 16], the Legal Affairs Committee of the European Parliament passed an amended version of my copyright evaluation report with a broad majority. (Find the detailed breakdown of the votes on my overview page. The final adopted text is not yet available--I will link to it as soon as it goes online.)

The amended report was supported by all political groups--the only two opposing votes were cast by MEPs from the far-right French Front National.

In this report, the Parliament recognises that copyright reform is urgently needed not just to improve the Digital Single Market, but also to facilitate access to knowledge and culture for all people in Europe. It calls on the Commission to consider a wide variety of measures to bring copyright law up to speed with changing realities and improve cross-border access to our cultural diversity, going further than the plans so far announced by the Commissioners.

For the first time, the Parliament asks for minimum standards for the rights of the public, which are enshrined in a list of exceptions to copyright[...]

  • to allow libraries and archives to digitise their collections efficiently,
  • to enable the lending of e-books over the Internet and
  • to allow the [automatic] analysis of large bodies of text and data (text & data mining).

Related: Julia Reda, the Only Pirate in the European Parliament, Weighs in on Copyright



This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by kaszz on Thursday December 25 2014, @01:32AM

    by kaszz (4211) on Thursday December 25 2014, @01:32AM (#129023) Journal

    * How will the funding selection be derailed?
      * Will smooth talkers or merits be rewarded?
      * What is the political influence that will ride along this funding? (do X or funding ENDS!)
      * Are the people selecting what to fund competent enough to select the right code to audit and fix?
      * How will competence be evaluated?
      * Will expert enthusiasts that have spent years on a project be overrun by important people in suits with the right connections?
      * Is it most important to get the most competent person or that the person is from within EU?

    Sorry for being cynical but sometimes one has to ask the tough stuff.

    • (Score: 1) by Anonymous Coward on Thursday December 25 2014, @02:04AM

      by Anonymous Coward on Thursday December 25 2014, @02:04AM (#129027)

      It's only a million euros. That's less than one percent of one day's worth of the Common Agricultural Policy subsidies. That's enough to evaporate overnight: not even a token amount.

      • (Score: 0, Insightful) by Anonymous Coward on Thursday December 25 2014, @03:00AM

        by Anonymous Coward on Thursday December 25 2014, @03:00AM (#129034)

        This is very good news, actually. Auditing free software is of enormous public benefit. Europe should of course be spending a lot more on free software than it does now. Even so, if 6 or so gurus could look at the code for a year and then write a report, the impact could be amazing. ~Anonymous 0x29B1D963

    • (Score: 5, Interesting) by edIII on Thursday December 25 2014, @02:57AM

      by edIII (791) on Thursday December 25 2014, @02:57AM (#129033)

      Screw cynical.

      They said $1,219,750 USD. It's a pittance. This is a security audit, and if we're going to be serious, it means actual auditing. There's been some real issues hidden deep for years overlooked in spite of the open review paradigm of free software. How much does paying a single security researcher (worth a damn) to review it thoroughly really cost? In other words, if we assembled a dream team of security researchers around the world, how many minutes would this fund it?

      It's the EU representing the corporate interests above all else, and then ostensibly the human interests later. Just from that alone, they need to be adding a few zeros to the check. When you see a job bid that low, you know the managers and people funding it have absolutely no idea what something costs.

      Don't take it seriously. Probably some nepotism where a family member is going to run it into the ground in a few months.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: -1, Offtopic) by Ethanol-fueled on Thursday December 25 2014, @04:14AM

        by Ethanol-fueled (2792) on Thursday December 25 2014, @04:14AM (#129041) Homepage

        Your momma's pussy smells like hitler.

        • (Score: -1, Offtopic) by Anonymous Coward on Thursday December 25 2014, @04:55AM

          by Anonymous Coward on Thursday December 25 2014, @04:55AM (#129043)

          Please point to the place on the doll where the bad man touched you.

          • (Score: 2) by cafebabe on Thursday December 25 2014, @02:40PM

            by cafebabe (894) on Thursday December 25 2014, @02:40PM (#129104) Journal

            It may have involved [soylentnews.org] the bad man's left hand [postimg.org].

            --
            1702845791×2
            • (Score: 2) by edIII on Friday December 26 2014, @04:27AM

              by edIII (791) on Friday December 26 2014, @04:27AM (#129231)

              "That's not my bag baby"

              --
              Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 0, Offtopic) by kaszz on Thursday December 25 2014, @04:34AM

        by kaszz (4211) on Thursday December 25 2014, @04:34AM (#129042) Journal

        University salaries and basement dwellers might perhaps be funded this way?

        • (Score: 4, Interesting) by edIII on Thursday December 25 2014, @05:49AM

          by edIII (791) on Thursday December 25 2014, @05:49AM (#129046)

          We want a security audit. Having the poor person pass out from lack of nutrients probably makes for poor auditing. I'm thinking living wage, which means you might put together a small team for upwards of a year.

          Even going low, I don't see how you're obtaining adequate resources for the project. This is just salaries. Is it all BYOD?

          --
          Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 5, Insightful) by janrinok on Thursday December 25 2014, @10:30AM

        by janrinok (52) Subscriber Badge on Thursday December 25 2014, @10:30AM (#129067) Journal

        Well, it is not a large amount of money - but it is better than nothing at all. Over to you, USA, how much are you going to contribute to checking open source software next year?

        • (Score: 1, Insightful) by Anonymous Coward on Thursday December 25 2014, @05:21PM

          by Anonymous Coward on Thursday December 25 2014, @05:21PM (#129119)

          We thoroughly check both open and closed source software, and we have standing audit teams for your favorite operating system, whatever it may be. We've already found all the bugs that your EU team might find in the next ten years, and we even added some more while no one was looking.

          Love,

          the NSA.

          • (Score: 1, Insightful) by Anonymous Coward on Thursday December 25 2014, @07:04PM

            by Anonymous Coward on Thursday December 25 2014, @07:04PM (#129130)

            Exactly.

            Europe really needs _NEEDS_ to do more about this. Their present and future depend on it. Bad people (and others like the American NSA) can easily hurt a nation when they choose to. It's not a matter of if, but when.

            Our lives do depend on software and hardware, and this dependency will only increase. So better save yourselves while you still have time.

            • (Score: 0) by Anonymous Coward on Thursday December 25 2014, @11:08PM

              by Anonymous Coward on Thursday December 25 2014, @11:08PM (#129176)

              Europe already does plenty about this. Or, rather, the BND, DGSE, GCHQ, and their friends are all auditing software like madmen, looking for bugs to exploit. They're just not as photogenic as the NSA, with that evil American black-glass building and all.

              The EU software is getting audited by European professionals, have no fear of that. They're just working against the EU and for the national governments (or, in the DGSE's case, God only knows who they're actually working for, because they sure aren't working for the French government). And that's the thing: when you say "can easily hurt a nation," you've got it backwards...

              • (Score: 2) by Yog-Yogguth on Friday December 26 2014, @02:17PM

                by Yog-Yogguth (1862) Subscriber Badge on Friday December 26 2014, @02:17PM (#129276) Journal

                “…the BND, DGSE, GCHQ…” “…just not as photogenic as the NSA…”

                They are the same organization: Five Eyes, Nine Eyes, Fourteen Eyes,… [wikipedia.org]

                --
                Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
              • (Score: 2) by Yog-Yogguth on Friday December 26 2014, @02:24PM

                by Yog-Yogguth (1862) Subscriber Badge on Friday December 26 2014, @02:24PM (#129278) Journal

                Oops, I proofread my other comment but didn't catch how bad it sounded; it was meant as a brief statement in support of your comment.

                --
                Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
        • (Score: 1, Insightful) by Anonymous Coward on Friday December 26 2014, @01:58AM

          by Anonymous Coward on Friday December 26 2014, @01:58AM (#129209)

          Well, it is not a large amount of money - but it is better than nothing at all. Over to you, USA, how much are you going to contribute to checking open source software next year?

          I'm certain NSA has already spent quite a bit more than $1m auditing open source. They are just not always ready to release their findings. (similar is probably true of GCHQ)

    • (Score: -1, Offtopic) by Ethanol-fueled on Thursday December 25 2014, @04:12AM

      by Ethanol-fueled (2792) on Thursday December 25 2014, @04:12AM (#129040) Homepage

      Suck my fucking dick! HAHAHAHA
      Here's a holiday surprise for you sods:

      Suck my ducking dick [postimg.org] you goddamn gits.

      FUCK YOU FOOLS [sydlexia.com]

      Middle finger to you fucking niggers! Aww Yeah!