PVS-Studio and Bug Bounties on Free and Open Source Software
In January, the EU is launching another big hunt for bugs in open-source software projects with the total bounty amount of about €850,000. Now, here’s a hint: static analysis is one of the means to track down bugs in software’s source code. For example, PVS-Studio is a good candidate for this work, especially because we have recently come up with a new type of free license for open-source projects.
We recently received a link to this post: “In January, the EU starts running Bug Bounties on Free and Open Source Software”. This is interesting news, and it is relevant to what we do since we regularly check open-source projects for bugs. It even turns out that, among other projects, we already analyzed and found bugs in some of the projects picked for the contest: Notepad++ (1, 2, 3), GNU C Library, 7-Zip.
However, our company won’t be able to make money from that — it just doesn’t seem legally possible. Sure, our developers could participate in the contest, but they would still be doing so as private individuals. Actually, we don’t mind if they do it in their off hours, and we wish them luck — given that it doesn’t distract them from their primary duties :).
Of course, it’s not only our team who can use PVS-Studio to hunt bugs — you can join in too. This has become especially easy if you deal with open-source projects. For more information, see this article: “Free PVS-Studio for those who develops open source projects”. And good luck with the hunt!