At least 10% of those who report security flaws to Mozilla turn down bug bounty

By on August 7, 2010 at 10:02 AM.

In mid-July, Mozilla announced that it was upping its “bug bounty” from $500 to $3,000 for every critical, reproducible security flaw reported. Today, MacWorld is reporting that “Between 10 percent and 15 percent of the serious security bugs reported since Mozilla launched its bug bounty program have been provided free of charge.” Mozilla spokesperson Johnathan Nightingale said: “A lot of people would say, ‘Don’t worry about it. Donate it to the EFF or just send me a T-shirt.’” Now that is the open source type spirit that just warms the cockles of your heart, isn’t it?

Mozilla Security Bug Bounty Program: $3,000 per eligible security bug

By on July 16, 2010 at 11:42 PM.

Mozilla is upping the ante – literally – for those who find and report bugs in its Firefox, Firefox Mobile, and Thunderbird programs. Starting July 1, 2010 (yes, it is backdated), eligible security bugs that are confirmed by Mozilla will be paid out with a $3,000 bounty. A bug is eligible if it is critical, and a bug is considered critical when it is: original, remote, reproducible, and “allows execution of arbitrary code on users’ systems, while high severity security bugs allow access to users’ confidential information.” Lucas Adamski, Mozilla’s Director of Security Engineering, had this to say: “A lot has changed in the 6 years since the Mozilla program was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information.”
