Mozilla hikes Firefox bug bounties to $3K

JRViejo · Jul 16, 2010

Mozilla on Thursday boosted bug bounty payments six-fold by increasing the standard cash award to $3,000.

The new bounty for vulnerabilities in Firefox, Firefox Mobile and Thunderbird is also six times the normal payment by Google for flaws in its Chrome browser, and more than double the maximum $1,337 that Google pays for the most severe bugs.

Mozilla and Google are the only browser makers that pay security researchers for reporting vulnerabilities in their products.
Click to expand...

Computerworld Article by Gregg Keizer.

dw426 · Jul 16, 2010

Smart move by them, that should give far more incentive to help Mozilla out. I expect Google will raise theirs as well now, if they have good sense.

JRViejo · Jul 16, 2010

dw426, and perhaps some of our Wilders wizards can make money on the offer as well.

Ibrad · Jul 17, 2010

You know if I knew how to do that and found a new flaw you know how many security programs I could buy

elapsed · Jul 17, 2010

But $1,337 reward seems so much more pleasing

BoerenkoolMetWorst · Jul 21, 2010

elapsed said:

But $1,337 reward seems so much more pleasing
Click to expand...

That's only for very critical vulnerabilities, and up till now that $1337 has just been rewarded once. On the bright side, Google just upped it to $3,133.7
Though the standard vulnerability fee is still $500 and Mozilla gives 3K for every vulnerability

JRViejo · Jul 21, 2010

FYI. Celebrating Six Months of Chromium Security Rewards.

This is what BoerenkoolMetWorst is referring to, in the post above.

JRViejo · Jul 22, 2010

Microsoft will not follow the lead of Mozilla and Google in paying researchers for reporting vulnerabilities, a company executive said today.

"We don't think [bug bounties] are the best way for us to compensate researchers," said Mike Reavey, director of the Microsoft Security Research Center (MSRC) in an interview Thursday.

Reavey was responding to questions about recent moves by Google and Mozilla to boost payments made to outside researchers who report flaws, and whether Microsoft would follow suit.
Click to expand...

Microsoft: No money for bugs by Gregg Keizer.

JRViejo · Aug 7, 2010

The open-source Mozilla project has been offering cash bounties for security bugs for six years now, but often bug finders simply turn down the cash.

Between 10 percent and 15 percent of the serious security bugs reported since Mozilla launched its bug bounty program have been provided free of charge, according to Mozilla. "A lot of people would say, 'Don't worry about it. Donate it to the EFF [Electronic Frontier Foundation] or just send me a T-shirt,'" said Johnathan Nightingale, the director of Firefox development, in a recent interview.
Click to expand...

More Than 1 in 10 Mozilla Bug Finders Turn Down Cash by Robert McMillan.

Kees1958 · Aug 8, 2010

elapsed said:

But $1,337 reward seems so much more pleasing
Click to expand...

would be more appropriate

Log in or Sign up

Mozilla hikes Firefox bug bounties to $3K

JRViejo Super Moderator

dw426 Registered Member

JRViejo Super Moderator

Ibrad Registered Member

elapsed Registered Member

BoerenkoolMetWorst Registered Member

JRViejo Super Moderator

JRViejo Super Moderator

JRViejo Super Moderator

Kees1958 Registered Member

Log in or Sign up

Mozilla hikes Firefox bug bounties to $3K

JRViejo Super Moderator

dw426 Registered Member

JRViejo Super Moderator

Ibrad Registered Member

elapsed Registered Member

BoerenkoolMetWorst Registered Member

JRViejo Super Moderator

JRViejo Super Moderator

JRViejo Super Moderator

Kees1958 Registered Member

Useful Searches