PVS-Studio and Bug Bounties on Free and Open Source Software

Andrey Karpov

In January, the EU is launching another big hunt for bugs in open-source software projects, with a total bounty of about €850,000. Now, here's a hint: static analysis is one of the ways to track down bugs in a project's source code. For example, PVS-Studio is a good candidate for this work, especially because we have recently come up with a new type of free license for open-source projects.


We recently received a link to this post: "In January, the EU starts running Bug Bounties on Free and Open Source Software". This is interesting news, and it is relevant to what we do since we regularly check open-source projects for bugs. It even turns out that, among other projects, we already analyzed and found bugs in some of the projects picked for the contest: Notepad++ (1, 2, 3), GNU C Library, 7-Zip.

However, our company won't be able to make money from that - it just doesn't seem legally possible. Sure, our developers could participate in the contest, but they would still be doing so as private individuals. Actually, we don't mind if they do it in their off hours, and we wish them luck - provided that it doesn't distract them from their primary duties :).

Of course, it's not only our team who can use PVS-Studio to hunt bugs - you can join in too. This has become especially easy if you deal with open-source projects. For more information, see this article: "Free PVS-Studio for those who develops open source projects". And good luck with the hunt!
