Mozilla Offers Rewards For Security Bugs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Mozilla Offers Rewards For Security Bugs

The maker of the open-source Firefox Web browser will pay $500 to those who discover and report significant security bugs.

The Mozilla Foundation, makers of the Firefox Web browser, on Tuesday revealed a program aimed at squashing security bugs in its open-source software.

The Mozilla Security Bugs Bounty Program will pay $500 to anyone who reports "significant security bugs" to the foundation. Foundation staff will judge which security bugs are significant enough to earn the cash prize.

The bounty program is seeking financial donations and is being seeded with funding from Linux operating system maker Linspire Inc. and venture capitalist Mark Shuttleworth. The foundation hopes to raise $10,000 in contributions by Sept. 1.

"The goal is pretty simple," says Chris Hofmann, the foundation's director of engineering. "We want to encourage people to find and report potential security issues."

Some security firms such as iDefense Inc. pay security researchers who provide them with newfound software vulnerabilities. But few, if any, nonsecurity software companies have programs designed to pay security researchers who spot vulnerabilities in their products.

Microsoft last year disclosed a cash bounty that would be paid to those who offer the software maker information leading to the arrest and conviction of virus and worm writers.

Security experts say the initiative could encourage more security researchers to comb through Mozilla's Firefox browser to uncover security holes that place Web surfers at risk of attack.

It could also encourage some to divulge the security flaws they uncover to the Mozilla Foundation, rather than simply publishing details about the flaws on the Internet before the foundation has had time to develop a patch to protect users from viruses and hacker attacks.

"This seems sensible. It is an incentive to those otherwise not inclined to disclose vulnerability in a productive manner to now do so," says Pete Lindstrom, director of research for Spire Security. "It provides a controlled process during the patch-creation process."

More information about the Mozilla Security Bugs Bounty Program can be found at www.mozilla.org/security.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll