Mozilla Expands Bug Rewards Program

 
 
By Brian Prince  |  Posted 2010-12-15 Email Print this article Print
 
 
 
 
 
 
 

Mozilla has expanded its bug rewards program to include security vulnerabilities discovered on its Websites.

"Many people are not aware that we have paid a bounty in the past on web application security vulnerabilities which impact client security," blogged Chris Lyon, director of infrastructure security at Mozilla. "We have only paid on critical or extraordinary web application vulnerabilities which have a direct impact against the client. We are now going to include critical and high severity web application vulnerabilities on selected sites.

"We are giving a range starting at $500 (US) for high severity and, in some cases, may pay up to $3000 (US) for extraordinary or critical vulnerabilities," Lyon wrote.

The move by Mozilla follows a similar one made by Google earlier this year. Mozilla's program covers a dozen sites. The list doesn't include all of Mozilla's Web properties, but the company plans to add to it moving ahead. The sites currently involved in the program include bugzilla.mozilla.org, www.mozilla.com/org and www.firefox.com.

The new policy went into effect today. For more information about what Websites are covered, click here.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Close
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel