FiWare

FIWARE Bounty Programme

The FIWARE Bounty Programme is devoted to engage external contributors in the development of FIWARE technologies, improving security, performance and quality of FIWARE Open Source technologies. This program encourages and rewards contributions by developers and security researchers who help make FIWARE online environment more secure.

Win cash prizes up to 2250 € for your contributions!

The bounty program has some attractive new changes! Now, every time you solve a task defined below, your prize money increases! Here is how it works:

· When you have successfully completed your first task, you will get the amounts listed in the table below.

· After your first completed task, when you come back and solve a different task, you get twice the amount earmarked for that task.

· After your second completed task, when you come back and solve a different task, you get thrice the amount earmarked for that task.

Any subsequent task completions will be capped at three times the amount earmarked for that task.

The FIWARE Developer Guidelines provide a general description of which tasks are more suitable for being accomplished by the community.

In accordance to the Guidelines, tasks will be assigned to ‘welcome contributions’. Each task, under the FIWARE Bounty Programme, will be mentored by a Core Team member of the FIWARE GEri (Generic Enabler reference implementation), who will provide pertinent guidance on the activities to be undertaken. The mentor will also act as reviewer, having the last word on the criteria for considering the task completed. Only after mentor acceptance the contributor will receive the bounty grant.

Bounty assignees (contributors) will be working under the following terms and conditions:

· Contributors must adhere to the coding standards of each GEri (linter, indentation, etc.)

· Contributors must follow the recommendations stated on the FIWARE GEri Developers Guidelines and particularly those related to external contributions.

· Contributors must give frequent and precise updates on the progress being made. If no progress report is provided in between, the Selection Committee reserves the right to revoke the assignment and to find another assignee. The mentor will be the person who must flag the issue and propose the assignment revocation.

· Bounties will be paid once the task is completed. A task will be considered as complete when the mentor has given its OK to close it as finished.

· If the development of a task expands beyond the schedule it will be up to the mentor to accept the contribution or to consider it as out of time.

Anyone can contribute to the programme, but a contributor can only be assigned to one bounty per call of the programme. The selection of the contributor for each Bounty will be made on the basis of:

Proven skills in the methods to solve the specific bounty task (e.g.: coding, operation of a FIWARE GEri, documentation, API and security);

· Experience, commitment, origin and proven skills in FIWARE (e.g. developers who have already created applications based on FIWARE or Hackathon winners).

General Security Improvements

Task: Discover and fix bugs which will cause security problems in FIWARE GEris. In case of duplicate reports it only be rewarded the first reporter of the vulnerability.

Complexity: High/Low
Bounty will be paid related to the reported bugs and delivered fixes by state of the vulnerability.

Critical: 500 EUR – Giving attackers full control on FIWARE server, instances or GEri’s e.g. by SQL Injections, RCE, Buffer overflow, etc.

Medium/Low: 50-250 – Giving attacker the control on a user Session (Medium) or vulnerability caused by rare user action (Low).

Libraries to ease development with FIWARE

Task: Create libraries (written in the most popular programming languages) intended to make FIWARE developer’s lives easier. Those libraries will be linked from the global SDK repository (https://github.com/telefonicaid/fiware-SDK.git)

Complexity: Low / Medium
Libraries can provide convenient abstractions to FIWARE GE/GEri APIs, without hiding them unnecessarily; connectors to other popular open source technologies or fill gaps not already covered by existing FIWARE GEs/GEris.

Complete GE convenience library – 750 EUR
Simple library with limited functionality – 250 EUR

A good example of the kind of a library it is being looked for is https://www.npmjs.com/package/fiware-orion-client. Actually, Orion Context Broker libraries written in other programming languages should follow a similar method signature and structure.

Contributions to the FIWARE developers’ resources

Task: Different contributions intended to outreach developers are foreseen here:

Contributions to the FIWARE Tour Guide Application:
https://docs.google.com/document/d/1FpeuBzPkAkIs90rP16jeOdi5-JuSbcdsiOatE87l3Dw/edit’’ Different front-end modules, to be defined by the application owners, are suitable to be contributed.

Complexity: Low/Medium
Bounty: 250 EUR per complete front-end module contributed to the Tour Guide Application

Blog articles, or presentations shared under proper Creative Commons licenses, that help to understand and use FIWARE technologies properly (API clarifications, hacks, experiences, best practices, …)

Complexity: Low/Medium
Bounty: 75 EUR per blog article/presentation with relevant content and once it has been peer-reviewed or published on the FIWARE blog.

Code contributions to a FIWARE GEri

Task: Contribute to the codebase of a FIWARE GEri by providing code (a patch) which fixes a bug or implement a feature marked as ‘welcome contribution’ in the GEri backlog. Thus, they will be considered as fulfilled once they are positively reviewed and landed. The rules for awarding a bounty are as follows:

200 EUR
per ‘intermediate complexity’ work item fixed. In order to be eligible for this task at least one ‘entry level’ work item have to have been fixed previously.

500 EUR per ‘advanced complexity’ work item fixed. In order to be eligible for this task at least two intermediate level work items have to have been fixed previously.

New capabilities for Orion Context Broker

Task: Implement full CORS support (POST, PATCH, PUT) for Orion Context Broker

Complexity: Medium
Bounty: 750 EUR.

New capabilities for IDAS

Task: Implement a library to connect Arduino devices to the UL 2.0/MQTT IoT Agent.

Complexity: Low
Bounty: 300 EUR

New capabilities for Cygnus / Cosmos

Task: Support for Parquet format in Cygnus
See: ‘https://github.com/telefonicaid/fiware-cygnus/issues/537.’

Complexity: Medium
Bounty: 750 EUR

Rewards

We recognize and reward researchers who help us keep FIWARE open source technology by reporting vulnerabilities in our services or by resolving specific open bounty calls. Monetary bounties are pre-defined per type of bounty and are based on risk, impact, and other factors. Keep in mind that this is not a contest or competition.

The payment of any bounty grant will be subject to the receipt of the following documentation:

  • An original signed payment agreement provided by iHub.eu.
  • An original Financial Statement, signed by the bank.
  • An original signed Tax Certificate (if needed)
  • An original signed Residence Certificate (if needed)
  • Copy of Passport/ Identity National Document
FIWARE Bounty Program Hall of Fame
The winners will appear (in alphabetical order) here. Participate & stay tuned, it could be you!
Dimitrios Amaxilatis
DinamoDigitale
Renars Vilnis
Secmotic Innovation S.L.
 
 
 
 
 
 
Application Form
APPLICATION FORM >>