OPEN SOURCE SOFTWARE HOUSE Mozilla has upped the bounty it offers to anyone that discovers a bug in its software.

In a blog post Mozilla said that the evolving threat landscape had led it to raise its reward to $3,000 in order to "better support constructive security research". The security bounty program was launched in 2004, and according to Lucas Adamski, director of security engineering at Mozilla, the financial reward is not the only thing that has changed. "A lot has changed in the 6 years since the Mozilla program was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information," he explained.

The remit for bounty hunters has also increased, so while the Firefox web browser and Thunderbird email client remain supported, so too are Firefox Mobile and "any Mozilla services that those products rely upon for safe operation."

Adamski added that the firm had occasionally paid out bounties in the past for bugs discovered in these applications but will now do so consistently. He also explained that bounties will be paid for bugs found in both release and beta versions.

However, with a stern warning to anyone that breaks ranks and spoils the bug fixing process by going public with their discovery, he added that, "Mozilla reserves the right to disqualify bugs from the bounty payment if the reporter has been deemed to have acted against the best interests of our users." He also added that, although bounties could still be paid out in these instances, "Mozilla strongly encourages researchers to disclose bugs to us privately."