EU institutions have finally got the memo about it being a good idea to pinpoint and fix security vulnerabilities.

Next year the European Parliament has allocated up to €1m for a project to audit free software programs in use at the European Commission (EC) and the EU Parliament in order to find and repair potential weaknesses.

A further €500,000 is being made available to work on encrypting communications among EU institutions.

Free Software Foundation Europe president Karsten Gerloff, said it was good to see the institutions investing “at least a little in improving the quality and the programs they use.”

However, he added that to make the best use of their efforts, institutions should work closely with upstream developers and make audit results public as soon as possible.

John Sullivan, executive director, Free Software Foundation, said: “Free software cannot guarantee your security, and in certain situations may appear less secure on specific vectors than some proprietary programs. As was widely agreed in the aftermath of the OpenSSL “Heartbleed” bug, the solution is not to trade one security bug for the very deep insecurity inherently created by proprietary software – the solution is to put energy and resources into auditing and improving free programs.”

SOURCE: theregister.co.uk