
KeePass Password Manager is getting a code audit

The European Union just announced that it will give the source code of the password manager KeePass and Apache Web Server a security audit.

The idea of auditing open source software came to life back in December 2014, when two members of the European Parliament proposed an audit of free software used by EU institutions.

The European Parliament allocated one million Euro for a pilot project. It took another 18 months to get started; over the last two months, users were asked to pick two free software programs from a list of open source solutions in use by the European Parliament or the Commission.

The selection list included several well-known open source solutions including Firefox, Apache Web Server, WinSCP, 7-Zip, NotePad++, VLC Media Player, and even Linux (or a component thereof).

The results are in, and the two projects with the most votes are the password manager KeePass and the Apache Web Server.

KeePass is a popular password manager for various operating systems; Apache is a widely used HTTP server on the Internet.


While I'm happy that KeePass received nearly one quarter of all votes (23.1%), it is surprising that it and Apache HTTP Server were favored in the survey over Linux or Firefox.

Here is the top ten list:

  1. KeePass (23.1%)
  2. Apache HTTP Server (18.7%)
  3. VLC Media Player (8.8%)
  4. Linux (8.6%)
  5. MySQL (4.3%)
  6. 7-Zip (4.2%)
  7. Git client (4.1%)
  8. Tomcat (2.6%)
  9. BouncyCastle (2.6%)
  10. Drupal (2.2%)

Although only KeePass and Apache HTTP Server were picked for the audit, the pilot project has also started work on documents that will benefit future code audits. The pilot project ends in December, and the EC and EP are currently looking for funds to continue the project.

You can check the methodology page on EU-FOSSA for planned and already available documents. There you will also find the published results of the sample code audit of the two selected open source solutions.

The EU-FOSSA team responsible for the code audit plans to work closely with the owners of the two selected open source solutions.

The EU-FOSSA pilot is intended to produce a systematic approach for the EU institutions to make sure that widely used key open source components can be trusted. The project should also allow the EU institutions to contribute to the integrity and security of key open source software. The EC and the EP are looking for funds to continue the project after December, when the pilot will end.

As a user, I would probably have picked Firefox and KeePass as those are the two programs I use the most throughout the day. The list does include more than ten programs that I use regularly though, and I'd like the project to continue to give them all a code audit.

Now You: Which open source solutions would you have picked?

This article was first seen on ComTek's "TekBits" Technology News
