Mozilla Security Bug Bounty Program: $3,000 per eligible security bug
Mozilla is upping the ante – literally – for those who find and report bugs in its Firefox, Firefox Mobile, and Thunderbird programs. Starting July 1, 2010 (yes, it is backdated), eligible security bugs that are confirmed by Mozilla will be paid out with a $3,000 bounty. A bug is eligible if it is critical, and a bug is considered critical when it is: original, remote, reproducible, and “allows execution of arbitrary code on users’ systems, while high severity security bugs allow access to users’ confidential information.” Lucas Adamski, Mozilla’s Director of Security Engineering, had this to say: “A lot has changed in the 6 years since the Mozilla program was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information.”
Leave a Reply