Mozilla Bumps Security Bug Bounty To $3,000 73
Trailrunner7 writes "In an effort to enlist more help finding bugs in its most popular software — Firefox, Thunderbird, and Firefox Mobile — Mozilla is jacking up the bounty it pays to researchers who report security flaws to $3,000. 'For new bugs reported starting July 1st, 2010 UTC we are changing the bounty payment to $3,000 US per eligible security bug. A lot has changed in the 6 years since the Mozilla program was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information,' said Lucas Adamski, director of security engineering at Mozilla. In addition to Mozilla, Google also has established a bug bounty program — though at $500 it has been called 'insulting.' None of the larger software vendors such as Microsoft or Oracle have taken that step. Some researchers see that as inevitable, however."
Many eyes make all bugs shallow...not (Score:1, Funny)
<nt>
Re:Insulting? (Score:3, Funny)
I take all pricing set above or below the true market value to be a PERSONAL insult!
You insensitive clod.
Re:Insulting? (Score:3, Funny)
He may use source code if it's available, which it isn't for IE which has has found exploits in, once he's found something by after doing the fuzzing but I can assure you he doesn't just stare at the source code and go "AHA! A BUFFER OVERFLOW!!".