Mozilla to pay bounty on bugs

Wanted: Dead or alive

Users who identify and report serious security vulnerabilities involving Mozilla are to be rewarded for finding bugs in the open source Web browser software.

The Mozilla Security Bug Bounty Program, launched yesterday, promises a reward of $500 to anyone who finds a "critical" security bug in Mozilla. What constitutes critical will be judged by the Mozilla Foundation staff. Linux software developer Linspire and entrepreneur Mark Shuttleworth have issued seed funding to support the initiative, to be supplemented by donations from Mozilla supporters. The first $5,000 in community contributions will be matched dollar-for-dollar by Shuttleworth.

Mozilla already has a good record of promptly fixing any security problems that arise. The Mozilla Security Bug Bounty Program seeks to further encourage the community's focus on security consciousness and responsiveness. The level of reward has been pitched quite low - if somebody found an exploit they'd doubtless make more money via security firm iDefense's controversial vulnerability contributor program - but that's not really the point. The Mozilla program is probably best viewed as a symbolic gesture of thanks to those who take the trouble to find and report bugs, rather than as a way of providing a financial incentive to expand the number of people looking for problems involving Mozilla.

"This program reflects our commitment to protecting consumers from malicious actors," said Mitchell Baker, President of the Mozilla Foundation. "Recent events illustrate the need for this type of commitment. While no software is immune from security vulnerabilities, bugs in open source projects are often identified and fixed more quickly. The Security Bug Bounty Program will help us unearth security issues earlier, allowing our supporters to provide us with a head start on correcting vulnerabilities before they are exploited by malicious hackers [crackers]."

Users who identify security bugs in Mozilla software are encouraged to go to Mozilla.org/security, which links to more information about which flaws are eligible and how to claim the bounty. ®
