Sunday, July 18, 2010

Mozilla Bumps Up Security Bug Bounty Program From $500 To $3,000

Mozilla has long had a policy of offering monetary rewards to developers who find security vulnerabilities in the Firefox Web browser. The organization recently raised the bounty from $500 to $3,000 as part of a change in that policy. The offer was also extended to Firefox Mobile and other new products created by Mozilla.

Finding out about previously unknown security vulnerabilities opens up a lot of opportunities for profit. Security researchers get a ton of press exposure and publicity for publishing an exploit of an unpatched zero-day flaw. It's also pretty common for security researchers to sit on undisclosed vulnerabilities for a long time so that they can quickly whip them out for an easy win during competitions that offer cash prizes. That being said, it's pretty clear that company perceptions about vulnerability disclosure and the value of security bugs are changing in the software industry. Following the Pwn2Own competition at CanSecWest, security researcher Charlie Miller gained much attention for his controversial "No More Free Bugs" campaign, which contends that vendors should pay for knowledge about previously undocumented vulnerabilities.

Mozilla's decision to offer $3,000 for new, legitimate security bugs is beneficial to users and the company alike, as it will encourage timely and responsible disclosure of new exploitable flaws. Ultimately, users will get more security and the company will end up with a better product.
