The European Commission has launched the EU-FOSSA2 project where they want to invest in the security of open source projects by running bug bounty programs against popular software. Intigriti got the first position in this contract and will be running programs for some really known open source projects. In these programs, users from the community will be invited to help testing the security of these programs and will be rewarded for finding vulnerabilities. In this talk we will explain how bug bounty actually works, announce which programs can be found, which bounties can be earned and how the process flow works.