€1m? This comes to mind..
https://www.youtube.com/watch?v=jTmXHvGZiSY
EU institutions have finally got the memo about it being a good idea to pinpoint and fix security vulnerabilities. Next year the European Parliament has allocated up to €1m for a project to audit free software programs in use at the European Commission (EC) and the EU Parliament in order to find and repair potential weaknesses …
Based on past experience with bureaucracy, any results from this audit will have been outdated by one or more major releases of the relevant software and likely be irrelevant and the devs won't backporting patches.
What will be interesting would be the types of free software in use and in what quantities.